
Hive Ransomware Data Decryption

Through a series of experiments, the researchers estimated how accurately they could reconstruct the master key and how many encrypted files could be recovered with such a partially known master key.

Among the many types of malware, ransomware poses a serious threat. Ransomware encrypts data and demands a ransom in exchange for decryption. Since data recovery is not possible unless the encryption key is obtained, some companies incur significant losses, such as paying large amounts of money or losing important data.

Hive ransomware caused extensive damage and prompted the FBI to issue a warning about it. To minimize the damage caused by Hive ransomware and to help victims recover their files, we analyzed Hive ransomware and examined recovery methods.

After analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist in its use of its own encryption algorithm. We partially restored the master key used to generate the file encryption key, enabling decryption of data encrypted by Hive ransomware. We recovered 95% of the master key without the attacker’s RSA private key and decrypted real encrypted data.

This is the first successful attempt to decrypt the Hive ransomware. It is expected that our method can be used to reduce the damage caused by Hive ransomware.
