"Open-Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware"

Due to its poor architecture and programming, an open-source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities. Cryptonite, unlike other ransomware strains, is not for sale on the cybercriminal underground and was previously distributed for free by an actor known as CYBERDEVILZ via a GitHub repository. The source code and forks have since been removed. The malware, written in Python, uses the Fernet module of the cryptography package to encrypt files with a ".cryptn8" extension. However, a new sample examined by Fortinet FortiGuard Labs was discovered to lock files with no way to decrypt them, essentially acting as a destructive data wiper. This does not appear to be a deliberate action on the part of the threat actor, but rather the result of a lack of quality assurance, which causes the program to crash when attempting to display the ransom note after the encryption process has been completed. The problem with this flaw is that due to the ransomware's design simplicity, there is no way to recover the encrypted files if the program crashes or is even closed, according to Fortinet researcher Gergely Revay. This article continues to discuss Cryptonite accidentally turning into wiper malware.

THN reports "Open-Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware"