Proofpoint brings us news that the makers of the CryptXXX ransomware have patched a vulnerability in their product which allowed various antivirus companies to produce "decryptor" products which would recover user files without payment. Numerous ransomware producers have seen their revenue suffer as antivirus companies produced software that exploited vulnerabilities in their ransomware to circumvent payment. If other ransomware ventures follow the example of CryptXXX in improving their own products, the industry as a whole could see substantial growth over the next year.
 |
Qntra - Herald Of The Most Serene Republic |
Can't escape the tax on Windows
These "ransomware decryption tools" are about the most suspicious damn thing I've ever seen. Aka, security company releases malware then comes riding to the rescue with the fix. Fame and praise ensues.
Seriously, think about it. Assuming the badguy is using an asymmetric cryptosystem, the only sort of "vulnerability" that could rescue users would be them leaking the freaking private key. Not just leaking it, but leaking it IN THE MALWARE. Far more likely is a vulnerability that leaves users unable to decrypt even if they pay the ransom, but we haven't heard of many of those, have we?
Now, I know there are fuckups that can cause private key leakage. Poor-quality random number generators, etc, etc. They happen. What are the odds they happen MULTIPLE TIMES in an "industry" that's less than a year old?
Something stinks.
What are the odds of it happening in bitcoin all the time?
Thankfully for us, the 'bad guys' suck just as much as everyone else.
Seeing how "Computer Security" companies are just about on par with POD/Vanity publishers, gasoline-realligning-magnet salesmen and homeopathy practitioners – which is to say outright if obscure scammers, I'd be rather surprised if the whole charade is not exactly what you describe. Moreover, parsimony requires we proceed on the basis of that assumption in any discussion of them and their practices.