A Method for Decrypting Data Infected with Hive Ransomware

02/17/2022
by   Giyoon Kim, et al.

Among the many types of malicious code, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer considerable damage, such as the payment of huge amounts of money or the loss of important data. In this paper, we analyzed Hive ransomware, which appeared in June 2021. Hive ransomware has caused immense harm, leading the FBI to issue an alert about it. To minimize the damage caused by Hive ransomware and to help victims recover their files, we analyzed Hive ransomware and studied recovery methods. By analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist because it uses its own encryption algorithm. We partially recovered the master key used to generate the file encryption key, which enables the decryption of data encrypted by Hive ransomware. We recovered 95 private key and decrypted the actual infected data. To the best of our knowledge, this is the first successful attempt at decrypting Hive ransomware. We expect that our method can be used to reduce the damage caused by Hive ransomware.
