Slashdot Mirror


Stung By File-Encrypting Malware, Researchers Fight Back

itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."

5 of 85 comments

  1. Which only serves to further by Wapiti-eater · Score: 4, Insightful

    The myth that the 'security' industry is at the root of the problem

    --
    Senior NCO in the fight against entropy. I've seen things, man. Things no one should have to see.....
    1. Re:Which only serves to further by v1 · Score: 5, Interesting

      WHY is it okay for Symantec to do this?

      The more relevant question to ask is "Why DID Symantec do this?" A more interesting question would be "Why did Symantec break the law?" They didn't do that, but the answer to all three is the same.

      "because it helps them make money".

      In this particular case, the fear of ransomware helps Symantec sell their product. So a researcher doing something to combat ransomware hurts Symantec's business. So they do what they can do, to protect their profits. In this case, it's even legal for them to do it. So it's a no-brainer.

      You simply have to expect this sort of behavior from any big business. There's no point in being confused or shocked by it.

      A month from now they will be able to make a new press release, "Two months ago security researchers dealt a blow to ransomware, protecting users and devaluating our product. Today, we're pleased to announce the ransomware developers have made the necessary fixes to their code outlined in our recent publication, and once again, Symantec is your only defense against ransomware!"

      --
      I work for the Department of Redundancy Department.
  2. Of course Symantec did that... by Last_Available_Usern · Score: 4, Interesting

    It's in Symantec's interest that the authors mitigate the weakness in their malware so the threat will permeate through media and people will continue to be terrified into buying copious amounts of security software that in most cases won't even mitigate the risk.

  3. Re:fake website by Richy_T · Score: 4, Funny

    I take special delight in stealing the images of sites like that.