Yalon, which is based on the open-source ransomware Hidden Tear, has been primarily used to hit targets in Germany, China, the Russian Federation, India and Myanmar, Kaspersky noted. Luckily, Yalon’s creator made the mistake of using a third-party malware without checking for vulnerabilities and due to mistakes in the cryptographic scheme Kaspersky said it was able to create a decryptor.
FortuneCrypt was found to have a particularly weak cryptographic scheme enabling the files to be easily recovered, Kaspersky said, although it is quite unique being the only ransomware the company has found written in Blitz BASIC. This is a relatively simple language designed for beginners and intended to create games.
In the last year Kaspersky detected more than 6,000 attacks using the Trojan-Ransom.Win32.Crypren family, of which FortuneCrypt belongs, targeting the Russian Federation, Brazil, Germany, South Korea and Iran.
The decryptors can be found at:
https://support.kaspersky.com/viruses/disinfection/10556
https://www.nomoreransom.org/en/decryption-tools.html