Privacy Ninja

BlackByte Ransomware Decryptor Released To Recover Files For Free

A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free.

When executed, most ransomware generates either a unique encryption key per file or a single key per machine. These keys, known as session keys, are used to encrypt a victim’s device.

These keys are then encrypted with a public RSA key and appended to the end of an encrypted file or a ransom note. This encrypted key can now only be decrypted by the associated private decryption key known only to the ransomware operation.

This is what allows the threat actors to decrypt the encrypted keys once a victim pays a ransom: without the private RSA key, the session keys cannot be recovered.


BlackByte reused encryption keys

In a report by Trustwave, researchers explain that the ransomware was downloading a file called ‘forest.png’ from a remote site under the attackers’ control. While this file is named to look like an image, it actually contains the AES encryption key used to encrypt a device.

As BlackByte uses AES, a symmetric cipher, the same key is used for both the encryption and decryption of files.

While BlackByte also encrypts this downloaded AES encryption key and appends it to the ransom note, Trustwave discovered that the ransomware gang was reusing the same forest.png file for multiple victims.

As the same ‘raw’ encryption key was being reused, Trustwave could use that key to build a decryptor that recovers a victim’s files for free.

However, there is always a drawback to releasing free decryptors like this: it alerts the ransomware gang to the bug in their program, which is then quickly fixed.

Trustwave’s report and decryptor did not go unnoticed by the ransomware gang, who warned that they have used more than one key and that utilizing the decryptor with the wrong key would corrupt a victim’s files.

“we have seen in some places that there is a decryption for our ransom. we would not recommend you to use that. because we do not use only 1 key. if you will use the wrong decryption for your system you may break everything, and you won’t be able to restore your system again. we just want to warn you, if you do decide to use that, it’s at your own risk.” – BlackByte.

[Image: BlackByte’s response to Trustwave’s decryptor]

If you are a BlackByte victim and want to use Trustwave’s decryptor, you will need to download the source code from GitHub and compile it yourself.

While Trustwave has included a default ‘forest.png’ file from which the decryption key is extracted, it is possible that BlackByte has since rotated the encryption key served in that file.

Because of this, it is strongly advised that you back up your encrypted files before attempting to decrypt them, so that a decryption attempt with the wrong key cannot destroy the only copy.

Furthermore, if you have a ‘forest.png’ file on an encrypted device, you should use that file rather than the one bundled with Trustwave’s decryptor.
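To make the key-handling point concrete, here is an added example (written for this page, not Trustwave’s decryptor and not BlackByte’s code) that models the scheme described above: each file is encrypted with a symmetric session key, and that key is appended to the file wrapped under the operator’s public RSA key. The file layout, field sizes and sample data are assumptions constructed for the example. It shows the three situations the article discusses: the operator’s path (only the RSA private key unwraps the session key), the defender’s path (a reused raw AES key decrypts directly, making the RSA wrapping irrelevant), and the wrong-key case, where an authenticated mode such as AES-GCM rejects the key instead of writing garbage, which is the check a decryptor should make before overwriting anything.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed toy layout (an assumption for this example, not BlackByte's real format):
//   nonce (12 bytes) || AES-256-GCM ciphertext || session key wrapped with RSA-2048 OAEP (256 bytes)
const nonceLen, wrappedLen = 12, 256

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFile models the scheme the article describes: encrypt with a symmetric session
// key, then append that key wrapped under the operator's public RSA key.
func sealFile(plaintext, sessionKey []byte, pub *rsa.PublicKey) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	out := append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...) // cap(nonce)==12, so this copies
	return append(out, wrapped...), nil
}

// recoverWithRawKey is the defender's path: once the raw session key is known (here because
// it was reused across victims) the RSA-wrapped copy is irrelevant. GCM authenticates the
// ciphertext, so a wrong key returns an error and a decryptor can verify before overwriting.
func recoverWithRawKey(sealed, sessionKey []byte) ([]byte, error) {
	if len(sealed) < nonceLen+wrappedLen {
		return nil, errors.New("sealed file too short")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	body := sealed[:len(sealed)-wrappedLen]
	return gcm.Open(nil, body[:nonceLen], body[nonceLen:], nil)
}

// recoverWithPrivateKey is the operator's path: only the RSA private key unwraps the session key.
func recoverWithPrivateKey(sealed []byte, priv *rsa.PrivateKey) ([]byte, error) {
	if len(sealed) < nonceLen+wrappedLen {
		return nil, errors.New("sealed file too short")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, sealed[len(sealed)-wrappedLen:], nil)
	if err != nil {
		return nil, err
	}
	return recoverWithRawKey(sealed, key)
}

// Scenario seals a constructed sample file and tries all three recovery paths.
func Scenario() (rawKeyRecovers, wrongKeyRejected, privateKeyRecovers bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	keys := make([]byte, 64) // constructed: keys[:32] plays the reused "forest.png" key, keys[32:] a rotated one
	if _, err = rand.Read(keys); err != nil {
		return
	}
	plaintext := []byte("constructed sample document contents")
	sealed, err := sealFile(plaintext, keys[:32], &priv.PublicKey)
	if err != nil {
		return
	}
	got, e := recoverWithRawKey(sealed, keys[:32])
	rawKeyRecovers = e == nil && bytes.Equal(got, plaintext)
	_, e = recoverWithRawKey(sealed, keys[32:])
	wrongKeyRejected = e != nil
	got, e = recoverWithPrivateKey(sealed, priv)
	privateKeyRecovers = e == nil && bytes.Equal(got, plaintext)
	return
}

func main() {
	fmt.Println(Scenario()) // true true true <nil>
}
```

The design choice worth noting is the authenticated mode: with AES-GCM a decryptor fed a rotated key gets an error and can stop, whereas an unauthenticated mode would silently produce unreadable output, which is exactly why the article recommends backing up files and preferring the ‘forest.png’ found on the infected device over the bundled one.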


Who is BlackByte?

BlackByte is a ransomware operation that slowly started targeting corporate victims worldwide in early July 2021.

First reports of the ransomware showed up about a week later in the BleepingComputer forums after victims sought help in decrypting their files.

[Image: BlackByte ransom note]

Written in C#, BlackByte will attempt to terminate numerous security, mail server, and database processes to successfully encrypt a device.

The ransomware will also attempt to disable Microsoft Defender on target devices before attempting encryption.

While BlackByte is not as active as other ransomware operations, they have successfully conducted many attacks worldwide and should not be ignored.
