TrueCrypter ransomware code flaw allows hacked victims to decrypt files

A new cypto-ransomware called TrueCrypter has been discovered to have a key flaw that allows hacked victims to decrypt their files by simply pressing a button, thereby rendering it useless. The ransomware is still believed to be in the developmental stages.

AVG malware analyst Jakub Kroustek uncovered the ransomware, which encrypts victims' data using AES-256 encryption and then goes on to demand payment. Unlike other ransomware variants, in addition to accepting Bitcoin payments, TrueCrypter also accepts Amazon Gift Cards as an alternative payment method from its victims.

The ransomware is capable of targeting 194 different file types and once the victims' files have been encrypted, it posts a ransom note via a pop-up window, according to Softpedia. The ransomware developer demands from a victim 0.2 Bitcoin ($90, £60) or $115 in Amazon Gift card.

However, TrueCrypter appears to have a major flaw in its code, which provides hacked victims with a simple way to decrypt their files. The pop-up ransom note window has a pay button at the bottom right corner, clicking on which automatically decrypts the files and proceeds to remove itself from the victims' computers.

TrueCrypter is not the first ransomware to accept Amazon Gift cards as a payment alternative. However, given that Amazon can fairly simply track payments made via their gift cards, this would be an odd choice for a hacker to make. Moreover, the fact that the ransomware has such major flaw in its code indicates that the developer is more likely to be amateur rather than a veteran malware developer.

There appears to be an alarming rise in crypto-ransomware attacks in the recent past, which pose a serious threat to cybersecurity specialists as well as laymen. In March, cybersecurity firm Trend Micro published a report in which it pinpointed crypto-ransomware attacks as one of the top cybersecurity issues of 2016.