Slashdot Mirror


Stung By File-Encrypting Malware, Researchers Fight Back

itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."

2 of 85 comments (clear)

  1. Re:fake website by Richy_T · · Score: 4, Funny

    I take special delight in stealing the images of sites like that.

  2. Great summary by uvajed_ekil · · Score: 3, Funny

    Now I finally know what API means.

    --
    This is a hacked account, for which the owner can not be held responsible.