Avast Decryption Tool for TaRRaK 1.0.0.724

Avast Decryption Tool for TaRRaK helps to decrypt the poorly coded TaRRaK strain of ransomware. All the Avast Decryption Tools are available in one zip here.

The TaRRaK ransomware appeared in June 2021. It is built on the .NET framework and contains many coding errors. Its binary file is notably clean and does not include any protection mechanisms or obfuscation. Upon execution, the ransomware creates a mutex named TaRRaK to guarantee that only one instance of the malware runs at a time. It also creates an auto-start registry entry so that the ransomware is executed every time a user logs in.

Files affected by this ransomware have a new extension, .TaRRaK, added to their filenames. The encrypted files also carry the TaRRaK signature at the beginning of the file. The desktop background is set to show a specific picture (see screenshot #2).

The ransomware initially attempts to read an entire file into memory using the File.ReadAllBytes() function. However, this function can only handle up to 2 GB of data. If the file is larger, an exception is thrown and caught by the try-catch block. Unfortunately, the try-catch block only deals with a permission-denied situation: it adds an ACL entry providing full access to everyone and then retries the read operation. Any other error causes the exception to be raised again, leaving the ransomware stuck in an infinite loop.

Even if the data load operation is successful and the file data fits in memory, there's another issue. The Encrypt function transforms the array of bytes into an array of 32-bit integers.

If the encryption process finishes without any sharing violation or other errors, the ransom note file (screenshot # 1) named "Encrypted Files by TaRRaK.txt" is dropped into the root folder of each drive.
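
As an added example (not part of the Avast tool or of the original page), the indicators described above, the .TaRRaK extension, the TaRRaK signature at the start of the file and the ransom note name, can be checked with a read-only triage script that sorts files into those that match both indicators and those that match only one. It assumes the signature is stored as the ASCII bytes "TaRRaK"; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

EXTENSION = ".tarrak"                        # page: ".TaRRaK" is appended (matched case-insensitively)
NOTE_NAME = "Encrypted Files by TaRRaK.txt"  # page: ransom note file name
SIGNATURE = b"TaRRaK"                        # ASSUMPTION: signature is these ASCII bytes

def classify(path):
    """Return a verdict string for one file, or None if it shows no indicator."""
    has_ext = path.lower().endswith(EXTENSION)
    try:
        with open(path, "rb") as fh:         # read only the header, never the whole file
            has_sig = fh.read(len(SIGNATURE)) == SIGNATURE
    except OSError:                          # locked or permission-denied files
        return "unreadable" if has_ext else None
    if has_ext:
        return "encrypted" if has_sig else "extension-only"
    return "signature-only" if has_sig else None

def triage(root):
    """Walk root and collect TaRRaK indicators without modifying anything."""
    kinds = ("encrypted", "extension-only", "signature-only", "unreadable", "notes")
    report = {k: [] for k in kinds}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(full)
            elif (verdict := classify(full)):
                report[verdict].append(full)
    return report

def build_sample(root):
    """Write a constructed sample tree (not real victim data) for the demo."""
    samples = {
        "report.docx.TaRRaK": b"TaRRaK" + b"\x00" * 16,  # extension and signature
        "renamed.TaRRaK": b"plain text",                 # extension only
        "photo.jpg": b"\xff\xd8\xff\xe0",                # untouched file
        NOTE_NAME: b"constructed placeholder note",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Files reported as "extension-only" or "signature-only" deserve a manual look before any decryption attempt, since they match only one of the two indicators.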
