Stung By File-Encrypting Malware, Researchers Fight Back

itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."
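The summary's point is that DPAPI is not a secret the attacker holds: it wraps data with a key derived from the logged-on user's credentials, so anything an application protects with it on the victim's machine can be unprotected by that same account on that same machine. The following PowerShell is an added illustration of that property and is not code from the article, from Vildoza, from Emsisoft or from Symantec; the "key material" string is a constructed sample, and the script assumes Windows PowerShell with the .NET System.Security assembly available.

```powershell
# Added example (not from the article, Emsisoft or the Decrypter): demonstrates that
# DPAPI-protected data in CurrentUser scope is recoverable by the same account on the
# same machine, which is why key material protected this way is not hidden from the victim.
Add-Type -AssemblyName System.Security

# Constructed stand-in for the kind of key material an application might protect locally.
$secret  = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-key-material')
$entropy = $null   # optional extra entropy; omitted here, as in the simplest DPAPI usage

# Protect: DPAPI derives the wrapping key from the logged-on user's credentials.
$blob = [System.Security.Cryptography.ProtectedData]::Protect(
    $secret, $entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)

# The blob alone reveals nothing useful off the machine; it is opaque ciphertext.
Write-Output ("Protected blob ({0} bytes): {1}..." -f $blob.Length,
    ([System.BitConverter]::ToString($blob[0..7]) -replace '-', ''))

# Unprotect: any process running as this user on this machine can reverse the protection,
# without knowing any separate secret. This is the property that made recovery possible.
$recovered = [System.Security.Cryptography.ProtectedData]::Unprotect(
    $blob, $entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)

$roundTrip = [System.Text.Encoding]::UTF8.GetString($recovered)
if ($roundTrip -ne 'constructed-sample-key-material') { throw 'DPAPI round trip failed' }
Write-Output "Recovered under the same account: $roundTrip"
```

The defensive reading is that DPAPI's threat model covers other accounts and offline copies of the data, not code running as the victim; a tool executed by the victim can therefore recover whatever was protected locally, and conversely any application that needs a secret to stay out of the user's reach cannot rely on DPAPI alone.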
  • by Wapiti-eater ( 759089 ) on Thursday April 10, 2014 @11:29AM (#46714717)

    The myth that the 'security' industry is at the root of the problem

  • Re:disclosure (Score:4, Insightful)

    by Last_Available_Usern ( 756093 ) on Thursday April 10, 2014 @11:55AM (#46715049)

    It must be at least mildly effective if the only legitimate means of unencrypting the data was a copy of the keys that only a set of researchers dedicated to the issue were able to find.
  • Re:fake website (Score:4, Insightful)

    by gstoddart ( 321705 ) on Thursday April 10, 2014 @12:11PM (#46715227) Homepage

    It has an "onunload" function that pops up an error message

    And this is why I don't allow javascript to run on arbitrary sites.

    Because javascript can be used to do way too many annoying things. Like websites which think they can disable my right click (so I can use the back button) because they think I'm going to steal their images.

    It's also why Flash doesn't get installed on machines I control.

  • by Anonymous Coward on Thursday April 10, 2014 @12:36PM (#46715467)

    Yeah, it would've been much harder for the attackers to reverse his utility right? Anything that monitors file accesses would've seen what files it was accessing. I don't disagree the AV company made a mistake because they wanted publicity but I don't think what they did was as significant as you might think.

  • Re:disclosure (Score:4, Insightful)

    by marciot ( 598356 ) on Thursday April 10, 2014 @12:48PM (#46715567)

    I've spent years trying to dissuade people from using (old) Excel's password "protection" due to the false sense of security. That Win API has the same effect—convinces the masses they're employing secure means when in fact they're not.

    I think recent events have shown that relying on security of any kind leads to a false sense of security (examples: NSA backdoors, OpenSSL bugs, WEP vulnerabilities, etc). We'd all be much safer if we simply assumed there was no such thing as security.

  • by leereyno ( 32197 ) on Thursday April 10, 2014 @01:42PM (#46716097) Homepage Journal

    Future victims of this criminal organization should sue Symantec.

    Class action lawsuit.

    I also think that criminal charges for aiding and abetting would apply as well.

  • by mysidia ( 191772 ) on Thursday April 10, 2014 @02:11PM (#46716473)

    Because, if you publicize how you caught their error, they can fix it.

    Exactly. They publicized the methods solely for marketing purposes -- so they could write a "ME TOO" article, showing how their "researchers" are "On top" of security, and stealing thunder from the developer of the free Decryption software.

    Because we're big Symantec, and we can't have third parties scooping us on antimalware techniques.

    It also helps their product by making sure the authors of ransomware learn from mistakes, so future ransomware is more robust, AND therefore, users will have greater damage by ransomware in the future, increasing the demand for Symantec's products.
