SK shieldus white-hat hacker group EQST (Experts, Qualified Security Team) analyzed the encryption and deletion logic of the recently spreading ransomware "ArgonWiper" and released a decryption tool on the 2nd.
EQST also distributed a profiling report containing the results of this analysis. The report includes ArgonWiper's hacking patterns, encryption method, backup file creation rules, and indicators of compromise (IoC) that can be used in recovery procedures. The committee expects it will also help research on decrypting ransomware with similar structures.
ArgonWiper has blocked recovery attempts by deleting or overwriting original data after encryption. EQST said it established a recovery path by tracking structural clues in the encryption routine, without relying on key leaks or accidental errors. Observers say this proves the possibility of recovery even for wiper-type ransomware.
SK shieldus plans to use this achievement to strengthen its ransomware response capabilities. Previously, EQST presented a browser vulnerability at the European security conference "Hack.lu," and at "Pwn2Own Automotive 2025," it succeeded in hacking a BMW vehicle, continuing its presence on the international security stage.
Kim Byung-mu, head of SK shieldus's cybersecurity division, said, "The release of this tool is meaningful in that it presents a practical countermeasure against ransomware attacks long thought difficult to recover from," and added, "We will continue to support corporations in minimizing damage and restoring systems quickly."