[Asia Economy Reporter Lim Hye-seon] The Korea Internet & Security Agency (KISA), in collaboration with the Ministry of Science and ICT, announced on the 28th that it has developed and distributed the world's first 'Hive Ransomware Unified Recovery Tool' capable of recovering up to version 4, supporting damage recovery. Hive ransomware infiltrates systems by exploiting vulnerabilities in the Windows Remote Desktop Protocol (RDP), encrypts files, and changes the file extensions to '.hive' or random strings depending on the version.
The Hive Ransomware Unified Recovery Tool automatically identifies the version of the infected ransomware by using the encryption key encrypted by the attacker located in a specific path. This improves user convenience by addressing the inconvenience of previous recovery tools, which required victims to manually check the infected ransomware version by looking at the file extension and size of the encryption key.
To use the unified recovery tool, multiple infected files and multiple uninfected original files are required. Original files can be obtained by reinstalling the same version of the program installed on the infected PC on another PC, or through files sent and received via email, or files stored on removable storage devices.
Since the probability of recovering the encryption key varies depending on the number and size of infected and uninfected original files, it is necessary to secure as many files as possible to increase the probability. Using the secured encryption key, probabilistic recovery of the infected files is possible.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
