Badly-Coded Ransomware Locks User Files and Throws Away Encryption Key

An anonymous reader writes: A new ransomware family was not tested by its developer and is encrypting user files and then throwing away the encryption key because of an error in its programming. The ransomware author wanted to cut down costs by using a static encryption key for all users, but the ransomware kept generating random keys which it did not store anywhere. The only way to recover files is if users had a previous backup. You can detect it by the ransom message which has the same ID:qDgx5Bs8H

Like the old viruses

So it's like the old fashion viruses that actually cause damage to your system then.

This would have never happened.

If the author decided on an open source project, the community could have found and developed a fix during beta testing.

What a role model

[Opportunist]

I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

DUMB

[jez9999]

Disasters Usually Motivate Backups

Re:Usually the case

[Sqr(twg)]

Nope, apparently they do give you the decryption key, once you pay. If word of mouth was that it doesn't help to pay, then a lot less people would pay the ransom.

So this guy is destroying a very lucrative business model for some very evil people. It will probably not end well for him.

Re:Developers...

[meerling]

For optimal software testing, you need several types of testers.
The dev - Someone who knows how to code and what this software is supposed to do, and intimately.
The hacker - Someone who knows how to code, and doesn't care what the software wants because dammit, he's going to make it dance a frigging jig for giggles.
The user - Doesn't know coding, but knows the subject the software is based around because he's the one that uses it. He knows exactly what it needs to do and what he wants it to do and will gladly tell you how you are failing in that.
The ignorant - Can't code, doesn't want to, isn't sure if this computer thing is actually filled with enslaved magic pixies. If there's anyone that will do something no intelligent rational person will ever think of, the ignorant is king. You'd be amazed how many show-stopper bugs have been found by them.

Re:Usually the case

[radarskiy]

This is why we can't have nice hostages.

Ummmm... about that linux "ransomware"

[StevenMaurer]

Now that we've decided to help bug-fix ransomware, anyone consider its usability?

"Once launched with administrator privileges, the Trojan loads into the memory of its process files containing cybercriminals' demands:"

In other words, it probably goes something like this:

% tar -xf "ransomware-dontrunme-whatareyouanidiot?.tar"
% cd ransomware-dontrunme
% ./configure > /dev/null 2>&1
% make > /dev/null 2>&1
% make install > /dev/null 2>&1
%./runransomware
Error: Permission denied. Please run as root.
% sudo ./runransomware
Password:
Segfault in libc.so. Please reinstall.

Followed by much sighing, and trying to google what the problem is.

See, this is the problem with the Linux desktop. Even installing malware is just too darned complicated.

Re:Windows

[Grishnakh]

A malware app that someone has to be dumb enough to manually install is one thing, getting infected with something because your web browser or your email program is vulnerable is another. Most of the Windows malware I've heard about doesn't require someone to manually install software, it's as easy as clicking on the wrong link in IE.

Also, a lot of Windows malware seems to thrive because Windows is homogeneous. Remember that Lenovo malware that was (still is I think) baked into their laptops' BIOS, and would replace a critical Windows system DLL? That stuff only works because Windows is so uniform. If someone has Windows 8.1 installed, then you can count on that DLL being there, and you can count on being able to replace it with a modified DLL and have things work out the way you expect. This just isn't the case with Linux: every distro is different, files are in different places, files are not binary compatible (you can't just take libfoo.so.4.2.1.0 from Ubuntu and drop it into an Arch install and expect it to work), distros change versions every 6 months (so libfoo.so from Mint 17 is incompatible with libfoo.so from Mint 17.1), systems don't even use the same init system and low-level utils (Ubuntu and Mint still use upstart, Slackware still uses sysvinit), etc. Everything works fine because of package management and distros building everything all together at once, but malware expecting to monkey with the internals simply won't work because there's too many variables.

Yes, if someone distributes some Linux dancing-monkey malware, there's nothing you can do to prevent people from being stupid and installing it, but I haven't heard about this attack vector being a serious problem on *Windows* for a long time. Even the Windows users aren't that naive any more; they've had this stuff drilled into their heads for years. They're getting infected in other ways.

Re:Just asking......

What the hell is wrong with people like you? It's not that the guy isn't a first class cunt, but what sort of poorly controlled emotion causes a person to warm to the idea of torture and death? I sometimes wonder whether some humans have a repressed bloodlust and they use righteous indignation as an excuse to bring it out.

Sure, lock the guy up, seize everything, whatever, following due process. Be more civilised than he is, not less.