cross-posted from: https://lemmy.world/post/42319193
Regarding Sicarii’s broken decryption process, researchers said that “during execution, the malware regenerates a new RSA key pair locally, uses the newly generated key material for encryption, and then discards the private key.”


Tbf isn’t that half the point?
No. It isn’t. If people don’t get their files back, people will stop paying ransoms. This isn’t ransomware. It’s a bulldozer that destroys your house then asks for a tip.
The Click Here podcast reported that the oldest company in Europe got hit by ransomware, paid, but couldn’t even use the decrypted data.
Paying is never a guarantee, and if you pay a ransom, you’re always at the discretion and risk of the attacker.
The only thing this changes is that if you know the specific software that did the encrypting, and it’s publicly known that it cannot decrypt, and you know about that, then you know paying won’t allow for decryption.
It’s the same for paying so they don’t disclose and share exfiltrated data. They’re already doing illegal immoral activities, and you’re hoping they will follow your agreement when you pay. But there’s no guarantee.
This is why the general public guidance is to never pay ransoms. It supports those industries, gives you no guarantees on fulfillment, and, whether fulfillment occurs or not, whether your money was merely wasted or will be used for further damage elsewhere can be considered entirely random.
The attacker’s goal is always betting on the despair of the victim, on their grasping at even minuscule hope, and at great expense.
Corporations pay ransoms constantly. Weekly, maybe daily. And they largely get their files back. I don’t believe you have any knowledge of companies handling ransomware.