
Thundersoft Decryptor Link

The team discovered that the ransomware’s random number generator (RNG) for IV generation used GetTickCount() without entropy mixing. On systems rebooted within a predictable window (less than 49.7 days), the IV collision probability exceeded 0.32. This meant that two encrypted files on the same machine might reuse the same IV for different AES keys, enabling a known-plaintext attack if one small file’s plaintext could be guessed (e.g., a default header like %PDF-1.5).

Furthermore, the RSA implementation was not using OAEP padding but PKCS#1 v1.5, making it theoretically vulnerable to the Bleichenbacher oracle attack if a decryption oracle existed. However, the decryptor instead exploited the IV weakness.

Avast provides a single executable that scans for over 30 known ransomware families, including recent Thundersoft mutations.

Preparation (before an incident)

Detection and containment (during suspected compromise)

Recovery and remediation (after containment)

Dealing with ransom demands

Detection rules and indicators to add to monitoring

Quick checklist for immediate action

The criminals behind the ransomware offer a decryptor after receiving payment. This tool is unique to each victim because it contains the private RSA key that matches the public key used during encryption. Paying the ransom is never recommended, as it funds further criminal activity and does not guarantee file recovery.

Run a full system scan with an updated antivirus (e.g., Malwarebytes or Windows Defender Offline). Do not skip this step, as an active ransomware process can re-encrypt files during decryption.

The ransomware utilizes the Windows CryptoAPI CryptGenRandom for session key generation. However, a logic error in the wrapper function seeds the random number generator with a timestamp (Unix epoch) that is only precise to the second.

Because the infection process is rapid, the "random" AES key is effectively derived from a predictable seed. By determining the exact timestamp of the infection (available in the system logs or file metadata of the ransom note), the decryptor can mathematically reconstruct the AES session key.
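The seed search described above, as an added example that is not code from the decryptor or from the ransomware. The key derivation (`key_from_seed`), the SHA-256 keystream standing in for AES, and all sample values are assumptions constructed for illustration; only the idea of a second-precision timestamp seed and the `%PDF-1.5` known header come from the text.

```python
import hashlib
import random

PDF_MAGIC = b"%PDF-1.5"  # known-plaintext header used as the check value

def key_from_seed(seed: int) -> bytes:
    # Assumption: stand-in for the flawed wrapper, a PRNG seeded with Unix seconds.
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Assumption: SHA-256 counter keystream standing in for AES (stdlib only).
    # XOR is symmetric, so the same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def recover_key(ciphertext: bytes, note_mtime: int, window: int = 3600,
                magic: bytes = PDF_MAGIC):
    """Test every second from note_mtime back to note_mtime - window as a seed.
    Returns (seed, key) when the decrypted header equals magic, else None."""
    head = ciphertext[:len(magic)]
    for seed in range(note_mtime, note_mtime - window - 1, -1):
        key = key_from_seed(seed)
        if keystream_xor(key, head) == magic:
            return seed, key
    return None

# Constructed sample: a file encrypted at a made-up time, note written 42 s later.
INFECTION_TIME = 1_700_000_000
NOTE_MTIME = INFECTION_TIME + 42
PLAINTEXT = PDF_MAGIC + b"\n% constructed sample body\n"
CIPHERTEXT = keystream_xor(key_from_seed(INFECTION_TIME), PLAINTEXT)

if __name__ == "__main__":
    found = recover_key(CIPHERTEXT, NOTE_MTIME)
    if found:
        seed, key = found
        print("seed", seed, "after", NOTE_MTIME - seed + 1, "candidates")
        print(keystream_xor(key, CIPHERTEXT))
    else:
        print("no seed in window; widen it or check the timestamp source")
```

A one-hour window is only 3601 candidate keys, which is why recovery depends on an accurate timestamp rather than on computing power; if the note's timestamp was altered or the window is too narrow, the search returns nothing.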

While effective against the current dominant strains of Thundersoft, the tool has limitations:

Once executed, the malware performs the following steps:

  • Encryption Process: