This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016

Technology description

This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016.

The malware demanded a ransom to recover the files, but with this tool you don't have to pay. When executed, it allows to get the password used to recover the files.

Functionalities

Steps to be taken to implement the POC: 1. Run RecoverPopCorn.exe on the infected system.
2. If the system is infected with the most common variant of PopCorn, the first field should be filled in with information about the path where the ransomware itself is located. If not, the system may not be infected with a known variant. If the field is not automatically filled in with the path but you know where the infection file is located, you can search for it with the "File..." button.
3. Click on the "Code decryptor" button. A text string will appear in the lower panel. 4. Copy and paste that string into the malware's ransom dialog.
5. Wait for the malware to unlock the files. It will automatically remove itself from the system, but it is advisable to check your system with an up-to-date antivirus.
Recover Popcorn
Innovation Technologies

DirtyTooth

Hack solved as of iOS 11.2 that accesses services and information from Bluetooth-enabled devices.

DirtyTooth for Raspberry Pi

This tool represents a software implementation of the DirtyTooth Speaker in the form of a .deb package for Raspberry Pi.

Wannacry File Restorer

Wannacry File Restorer allows recovering files left in the middle of the Wannacry malware encryption process on a computer. Thanks to this PoC, these files can be recovered.