
This broken ransomware can't decrypt your files, even if you pay the ransom

Dec, 06, 2022 Hi-network.com
Image: Getty / 5m3photos

Victims of a recently uncovered form of ransomware are being warned not to pay the ransom demand, simply because the ransomware isn't able to decrypt files: it just destroys them instead.

Coded in Python, Cryptonite ransomware first appeared in October as part of a free-to-download open-source toolkit, available to anyone with the skills required to deploy it in attacks against Microsoft Windows systems, with phishing attacks believed to be the most common means of delivery.


But analysis of Cryptonite by cybersecurity researchers at Fortinet has found that the ransomware only has "barebones" functionality and doesn't offer a means of decrypting files at all, even if a ransom payment is made. 


Instead, Cryptonite effectively acts as wiper malware, destroying the encrypted files, leaving no way of retrieving the data. 

But rather than this being an intentionally malicious act of destruction by design, researchers suggest that Cryptonite does this because the ransomware has been poorly put together.

A basic design and what's described as a "lack of quality assurance" mean the ransomware doesn't work correctly: because of a flaw in the way it's been put together, if Cryptonite crashes or is just closed, it leaves no way to recover encrypted files.

There's also no way to run it in decryption-only mode, so every time the ransomware is run, it re-encrypts everything with a different key. This means that, even if there was a way to recover the files, the unique key probably wouldn't work, leaving no way to recover the encrypted data.

"This sample demonstrates how a ransomware's weak architecture and programming can quickly turn it into a wiper that does not allow data recovery," said Gergely R
