Ransomware decryptor


#1

[Permalink]


#2

April 17 update: 711 decryption keys added to the database

I thought the whole point of modern encryption algorithms was that the keyspace was computationally unfeasible to traverse. Are these criminals idiots?


#3

Crime and idiocy do tend to go hand in hand. Consider Florida man.

I wonder if regular backups would defeat these guys?


#4

Maybe not that clear cut.

Let’s say everyone gets on the Nightly Backup bandwagon tomorrow.

That severely reduces everyone’s tendency to pay out to the ransomware authors.

So then the ransomware authors just start selling all your work files to the Chinese, your identity docs to the Russians, and your sexy selfies to Porn sites.


#5

Then again, there’s 0 assurances that they are NOT doing this now.


#6


#7

Wanna bet there is a niche of consumers for just such things, riding somewhere on the Long Tail?


#8

You were cuter when you were in first grade.


#9

You do realize some of us are highly suggestible --and that search algorithms make the longest tails eminently searchable? You sir, are a monster!


#10

You promised you were going to delete that!


#11

I’m only familiar with automatic incremental backups. And those might well be vulnerable to infection.


#12

If they’d do versioning, then the infection moment would be easy to find and the files could be selectively rolled back.


#13

Long Tail porn is a thing?

No, don’t answer: I don’t want to know.


#14

You have two choices.

One involves a dry academic analysis of the digital pornography industry

The other apparently involves dragons.


#15

At the same time you’re getting everyone loaded onto the Nightly Backup Bandwagon, hitch up the Encrypt Your Important Stuff trailer to it.


#16

Yeah, sure, that helps prevent data loss in case of theft. Awesome if you are visiting China. (There is no sarcasm here. I know a guy who brought a black light and luminol on a business trip, and day 3 saw fingerprints on his laptop when he took it out of the hotel safe).

Really, we need to get people on the AdBlock/Good-porn-browsing-habits/Don’t-Click-The-Phishing-Email bandwagon.

Full disk encryption is great, but unfortunately, when you click on stupid stuff that malware gets encrypted too.

I don’t think too many people here are Windows users, but as an aside, I do understand that UAC is annoying, but FFS don’t turn it off!


#17

In addition to full-disk you can gpg your confidential files so that even if your TOP_SEKRIT folder falls into the wrong hands, it’s unsellable.

Backups to protect against ransom demands, encryption to protect against the sale and dissemination of your data.

But yeah, the AB/GPBH/DCTPE wagon would be good too.


#18

Totally different question here:

How do we automate all this?

The reason I ask is that I have seen many examples of folks that should know better forgetting to do so, because there’s too many steps involved, and no reminders to do so. I’m as guilty as anybody for periodically doing this.

The rigor is easy when you could get fired for not doing so. Is there any solutions out there that can bring all this to Joe User, as well as Joe Forgetful Professional?


#19

If you’re willing to pay, carbonite does automated, incremental backups to the cloud.

Windows has transparent encryption with bitlocker. Or you could use one of the truecrypt spinoffs.

While I do my own cloud backups, I don’t use an advertized service. Instead I bought a virtual nas slot from a local ISP, and set it up myself, so unlike carbonite, my solution isn’t a well known target for external attack.

The really bad guys don’t want to do the hard work of pwning private citizens. They want to get ahold of popular backup service’s data so they can own thousands of people’s data in one fell swoop.


#20

You have some funky, funky friends, my friend.