Technology

Thousands of ransomware victims may finally get some long-awaited relief.

New Zealand-based security company Emsisoft has built a set of decryption tools for Stop, a family of ransomware that includes Djvu and Puma, which they say could help victims recover some of their files.

Stop is believed to be the most active ransomware in the world, accounting for more than half of all ransomware infections, according to figures from ID-Ransomware, a free site that helps identify infections. But Emsisoft saidthat figure is likely to be far higher.

If you&ve never had ransomware, you&re one of the lucky ones. Ransomware is one of the more common ways nowadays for some criminals to make money by infecting computers with malware that locks files using encryption. Once the Stop ransomware infects, it renames a userfiles with one of any number of extensions, replacing .jpg and .png files with .radman, .djvu and .puma, for example. Victims can unlock their files in exchange for a ransom demand — usually a few hundred dollars in cryptocurrency.

Not all ransomware is created equally. Some security experts have been able to unlock some victims& files without paying up by finding vulnerabilities in the code that powers the ransomware, allowing them in some cases to reverse the encryption and return a victimfiles back to normal.

Stop is the latest ransomware that researchers at Emsisoft have been able to crack.

&Itmore of a complicated decryption tool than you would normally get,& said Michael Gillespie, the tools& developer and a researcher at Emsisoft. &It is a very complicated ransomware,& he said.

In Stopcase, it encrypts user files with either an online key thatpulled from the attackerserver, or an offline key, which encrypts users& files when it can&t communicate with the server. Gillespie said many victims have been infected with offline keys because the attackers& web infrastructure was often down or inaccessible to the infected computer.

Here are how the tools work.

The ransomware attackers give each victim a &master key,& said Gillespie. That master key is combined with the first five bytes of each file that the ransomware encrypts. Some filetypes, like .png image files, share the same five bytes in every .png file. By comparing an original file with an encrypted file and applying some mathematical computations, he can decrypt not only that .png file but other .png of the same filetype.

Some filetypes share the same initial five bytes. Most modern Microsoft Office documents, like .docx and .pptx, share the same five bytes as .zip files. With any before and after file, any one of these filetypes can decrypt the others.

Therea catch. The decryption tool is ¬ a cure-all& for your infected computer, said Gillespie.

&The victim has to find a good before and after of basically every format that they want to recover,& he said.

Once the system is clean of the ransomware, he said victims should try to look for any files that were backed up. That could be default Windows wallpapers, or it can mean going through your email and finding an original file that you sent and matching it with the now-encrypted file.

When the user uploads a &before and after& pair of files to the submission portal, the server will do the math and figure out if the pair of files are compatible and will spit back which extensions can be decrypted.

But there are pitfalls, said Gillespie.

&Any infections after the end of August 2019, unfortunately therenot much we can do unless it was encrypted with the offline key,& he said. If an online key was pulled from the attackerserver, victims are out of luck. He added that files submitted to the portal have to be above 150 kilobytes in size or the decryption tools won&t work, because thathow much of the file the ransomware encrypts. And some file extensions will be difficult if not impossible to recover because each file extension handles the first five bytes of the file differently.

&The victim really needs to put in some effort,& he said.

The current share of worldwide ransomware infections (Image: Emsisoft)

This isn&t Gillespiefirst rodeo. For a time, he was manually processing decryption keys for victims whose files had been encrypted with an offline key. He built a rudimentary decryption tool, the aptly named STOPDecrypter, which decrypted some victims& files. But keeping the tool up to date was a cat and mouse game he was playing with the ransomware attackers. Every time he found a workaround, the attackers would push out new encrypted file extensions in an effort to outwit him.

&They were keeping me on my toes constantly,& he said.

Since the launch of STOPDecrypter, Gillespie has received thousands of messages from people whose systems have been encrypted by the Stop ransomware. By posting on the Bleeping Computer forums, he has been able to keep victims up to date with his findings and updates to his decryption tool.

But as some victims became more desperate to get their files back, Gillespie has faced the brunt of their frustrations.

&The sitemoderators were patiently responding. They&ve kept the peace,& he said. &A couple of other volunteers on the forums have also been helping explain things to victims.&

&Therebeen a lot of community support trying to help in every little small bit,& he said.

Gillespie said the tool will also be fed into EuropolNo More Ransom Project so that future victims will be notified that a decryption tool is available.

The turbulence of Brexit has left both U.K. and European startups alike wondering about the best path forward. From recruiting to acquiring investment to scaling into other parts of Europe, the challenges seem to be mounting. By December, who knows what will have happened on the Brexit landscape, such is the chaos.

At Disrupt Berlin in December, we&ll hear from investor Bindi Karia, who has deep European ties; founder Glenn Shoosmith, whoexpanding his startup internationally; and German-born but U.K.-domiciled VC Volker Hirsch on how to make the right decisions in the face of these obstacles.

Bindi Karia works as a venture partner at large London-based VC Draper Esprit, and has held positions in and around the tech industry for as long as shebeen working. Shebeen a consultant at PwC Consulting, worked in corporate environments like Microsoft Ventures, served within a startup at Trayport and was an advisor across a number of organizations (Startup Europe, Techstars Startup Weekend, Tech London Advocates, European Innovation Council, WEF). Shebeen a banker with Silicon Valley Bank and currently invests as a partner at a large London-based VC firm, as well as serving on the advisory board for seven different startups. She brings a wealth of knowledge to the conversation and understands the differing perspectives involved in each startupjourney to success.

Volker Hirsch will bring us not only his perspective as a former entrepreneur-turned-VC but also as a German-born citizen living in the U.K. and dealing with Brexit. He is a partner at Amadeus, working on its early-stage funds, whose investment focus is on artificial intelligence and machine learning, autonomous systems, human-machine interfaces, cybersecurity, enterprise SaaS, digital health and medical technologies.

Volker has founded or co-founded a total of six companies to date. He is currently co-founder of Blue Beck, a 40-strong mobile development house, and a venture partner at Emerge Education, Europeleading early-stage edtech investor.

Prior to joining Amadeus Capital, Volker was amongst the first angel investors in companies like Pi-Top, Bibblio (where he is also chairman), Aula Education and Wonde. His personal investment portfolio comprises about a dozen investments with companies based across Europe and the U.S.

Previously, Volker was the chief strategy officer at Scoreloop, a mobile social gaming platform, which he helped grow from (almost) inception to 450 million users at its peak. When the company was acquired by BlackBerry in 2011, he served as BlackBerryglobal head of Business Development & Games.

Lastly, Glenn Shoosmith will bring his perspective as a founder with a substantial operation in the U.K. but who recently expanded into the U.S. Originally founded as BookingBug in 2008, the renamed JRNI (pronounced &journey&) has become one of the market-leading multichannel appointment scheduling and customer journey platforms, helping leading global retailers, banks, central and local governments enhance their customer experience and save costs. JRNI has a team of more than 100 based in London, Boston and Sydney.

Glenn has been a passionate advocate for London and the U.K. as a technology hub within Europe, and in the past has helped shape government policy toward innovation and technology, both as an early advocate for Tech City, and as an advisor and representative of the government nationally and internationally.

Buy your ticket to Disrupt Berlin to listen to this discussion — and many others. The conference will take place December 11-12.

On the heels of getting the FCCproposal to merge with Sprint, T-Mobile announced a plan to partner with Jeffrey Katzenbergmobile streaming service, Quibi. According to statements provided to the LA Times, and confirmed by Variety, Quibi CEO Meg Whitman specifically called out T-Mobile&impressive 5G road map& as a good fit for the soon-to-launch streaming service.

The partnership will give T-Mobile 83.1 million customers access to Quibipremium content, but no details as to how it would be bundled into the carrierplans are currently available. Itpossible that Quibi will either be offered at a discount for T-Mobile users, or it could be available as an add-on or available with a special bundle deal.

The deal will present a new competitor to AT-Tstreaming services, AT-T TV Now (previously DirecTV Now) and low-cost WatchTV, as well as its upcoming premium service, HBO Max. Verizon (TechCrunchparent company) also dabbled with mobile streaming with go90, but that service was shut down last year after failing to gain adoption.

The news of the T-Mobile deal comes on the heels of a series of rapid-fire announcements about the shows and celebs who will be contributing to Quibi, which will provide a range of programming, including news, lifestyle, comedy, drama, horror, reality, action and more. And all is broken up into shorter-form bits — or &quick bites,& hence the servicename.

As for the programming, Quibi has brought in big names like Sam Raimi, Guillermo del Toro, Antoine Fuqua and producer Jason Blum, Liam Hemsworth, Lorne Michaels, Steven Speilberg, Tyra Banks, Idris Elba, Trevor Noah, Queen Latifah, Sophie Turner and others.

&Quibi will deliver premium video content for millennials on a technology platform that is built exclusively for mobile, so a telecommunications partner like T-Mobile, with their broad coverage today and impressive 5G road map, is the perfect fit,& Quibi chief executive Meg Whitman said in a statement run by the LA Times.

&Quibi is leading the way on how video content is made and experienced in a mobile-first world,& said Mike Sievert, president and chief operating officer of T-Mobile. &Thatwhy our partnership makes perfect sense — two mobile-centric disrupters coming together to give customers something new and remarkable.&

Terms of the deal were not disclosed.

The companies confirmed the news to TechCrunch, following the L.A. Times report.