Cryptonite Open Source Ransomware Toolkit Turns Into Accidental Wiper Malware

A version of Cryptonite, an open-source ransomware toolkit, has turned into an accidental wiper because of flaws in its architecture and programming.

Cryptonite is offered for free through a GitHub repository by the CYBERDEVILZ hacking group and is not sold on the darknet. The malware is written in Python and uses the Fernet module of the cryptography package to encrypt files, appending a “.cryptn8” extension to each one.

According to Fortinet researcher Gergely Revay, the original Cryptonite repository was forked, and all of those copies have since been removed. A version of it has nonetheless survived, and it behaves purely as a wiper because of its weak architecture and programming.

Fortinet researchers recently analyzed a new sample that locks files with no option to decrypt them, effectively acting as a destructive data wiper.

However, this is not a deliberate act on the part of the threat actor. The change stems from a lack of quality assurance: a bug causes the program to crash while it tries to display the ransom note after encrypting the files.

Gergely Revay added, “The problem with this flaw is that due to the design simplicity of the ransomware if the program crashes — or is even closed — there is no way to recover the encrypted files.”

When the ransomware executes, an exception is thrown and the “key” used to encrypt your files never makes its way to the operators. As a result, you’re left locked out with no way of decrypting your data.
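As an added example (not from the article and not Cryptonite's own code), the following defender-side triage script shows what a responder can still learn from such files without the key: it recognizes “.cryptn8” files whose content is a Fernet token and recovers the encryption time that Fernet stores in every token's cleartext header. The token layout (version byte 0x80, 64-bit big-endian Unix timestamp, 16-byte IV, AES-CBC ciphertext, HMAC-SHA256 tag) is taken from the Fernet specification; the file paths and tokens below are constructed samples.

```python
import base64
import binascii
import hashlib
import hmac
import os
import struct
from datetime import datetime, timezone

FERNET_VERSION = 0x80               # first byte of every Fernet token
HEADER_LEN = 1 + 8 + 16             # version + big-endian unix timestamp + AES-CBC IV
MAC_LEN = 32                        # trailing HMAC-SHA256 tag
MIN_TOKEN_LEN = HEADER_LEN + 16 + MAC_LEN   # at least one 16-byte AES block

def parse_fernet_header(blob: bytes):
    """Return (utc_timestamp, ciphertext_len) if blob is a Fernet token, else None.
    Only the cleartext header is read, so no key is required."""
    try:
        raw = base64.urlsafe_b64decode(blob.strip())
    except (binascii.Error, ValueError):
        return None
    if len(raw) < MIN_TOKEN_LEN or raw[0] != FERNET_VERSION:
        return None
    body = len(raw) - HEADER_LEN - MAC_LEN
    if body % 16:                   # CBC ciphertext is always block-aligned
        return None
    ts = struct.unpack(">Q", raw[1:9])[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc), body

def triage(files: dict) -> dict:
    """files maps path -> content. Flags *.cryptn8 files and, where the content
    is a Fernet token, reports when it was encrypted (None if not a token)."""
    findings = {}
    for path, content in files.items():
        if path.endswith(".cryptn8"):
            parsed = parse_fernet_header(content)
            findings[path] = parsed[0].isoformat() if parsed else None
    return findings

def _constructed_token(ts: int, ciphertext: bytes) -> bytes:
    """Constructed sample with the real layout, a dummy IV and a throwaway MAC key."""
    payload = bytes([FERNET_VERSION]) + struct.pack(">Q", ts) + os.urandom(16) + ciphertext
    mac = hmac.new(b"throwaway-signing-key", payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac)

# Constructed file set: two renamed files, one of which is not actually a Fernet token.
SAMPLE_FILES = {
    "C:/Users/alice/report.docx.cryptn8": _constructed_token(1669900000, b"\x00" * 32),
    "C:/Users/alice/notes.txt.cryptn8": b"not a fernet token",
    "C:/Users/alice/readme.txt": b"untouched",
}
```

The recovered timestamps give an encryption timeline for incident scoping even though the ciphertext itself cannot be decrypted; a renamed file that is not a valid token is worth a second look, since it may have been damaged by the crash rather than encrypted.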

Recent ransomware attacks are a real threat, and wipers of this kind destroy data with no chance of recovery. The analysis comes at a time when wipers disguised as ransomware are being used to mislead victims and are becoming more common than true encryptors.
