Slashdot Mirror


DecryptorMax/CryptInfinite Ransomware Decrypted, No Need To Pay Ransom (softpedia.com)

An anonymous reader writes: Emsisoft has launched a new tool capable of decrypting files compromised by the DecryptorMax (CryptInfinite) ransomware. The tool is quite easy to use, and will generate a decryption key. For best results users should compare an encrypted and decrypted file, but the tool can also get the decryption key by comparing an encrypted PNG with a random PNG downloaded off the Internet.

  1. Nice tool from Emsisoft by ITRambo · Score: 5, Insightful

    Apparently, the bad-guy equivalent of script kiddies (or toddlers) put this ransomware out. No program should be able to decrypt a "properly" encrypted file, or set of files, in a few hours. A lot of people dodged a bullet here as Emsisoft puts out great software. Kudos to them for offering this tool.

    1. Re:Nice tool from Emsisoft by BLKMGK · Score: 2

      Agree on both counts! Someone made errors and these guys were smart enough and thoughtful enough to break the crypto. Kudos!

      --
      Build it, Drive it, Improve it! Hybridz.org
    2. Re:Nice tool from Emsisoft by cfalcon · Score: 2

      > No program should be able to decrypt a "properly" encrypted file, or set of files, in a few hours.

      No true encryption, eh?

      We have no reason to believe it's not real crypto. We have every reason to believe they screwed up their implementation.

      Do we need another word? I don't think so. Maybe if we want to abolish the notion of "ok, their files are encrypted... this is hard encryption... ok done!" as seen on pretty much any TV show. But as reported it is accurate- you aren't even picking nits, you're asking for a much greater degree of insight than a headline can really provide.

  2. Re:Really? by Anonymous Coward · Score: 2, Insightful

    It's the majority not using Linux who are keeping the Linux users safe by being the larger target.

  3. Random .PNG file? by CanEHdian · Score: 3, Insightful

    Why would you need a random .png from the Internet? Can't they just keep whatever part they need (header?) as part of the binary?

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
    1. Re: Random .PNG file? by Anonymous Coward · Score: 2, Insightful

      Which they could do from a .PNG file stored in the binary in advance.

  4. Re:Really? by gweihir · Score: 2

    Does not help. Linux is making competent people a lot safer, but it will do nothing for incompetent ones, unless they are willing to pay for professional system administration. The difference is that even with professional system administration, Windows remains a problem, while Linux is not. But without it, they are both insecure.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. Odd way to release a security tool by Anonymous Coward · Score: 5, Interesting

    I wondered why the summary has links to articles on Softpedia and Bleeping Computer instead of linking directly to Emsisoft, whose employee wrote the decryption utility. But it seems Emsisoft has dropped the ball, as they have nothing on their home page or their blog or their changelog that mentions this tool. In fact I can't find any reference to this on their site at all, which makes me suspicious about downloading it.

    Both of the articles in the summary point to a link on emsi.at instead of emsisoft.com. Domain registration and name servers point to emsi.at being a legitimate host under the control of Emsisoft, but who knows? What a weird way to release a security tool, with zero announcements on your company website and the download hosted at a URL shortener.

  6. Re:I am writing ransomware for Linux by mukinrestak · Score: 2

    May I assume you are one of those folks that believe in the infallibility of Linux? There is already ransomware for Linux, although to the best of my knowledge most of it is in the form of a trojan, and not something that can run by itself or abuses privilege escalation. I use Linux for my daily driver, and thanks to Win 10's privacy shenanigans don't plan to ever go back, but that doesn't mean the shit's perfect. Hell, given the prevalence of Linux in the web infrastructure, I could see Linux ransomware having a serious boom soon. Corporations can pay a lot higher ransom than your average Joe. As for home Linux ransomware, you can bet your sweet ass-meat that SteamOS will be a tempting target. Make individual customers pay up to get their machines working again, and then make Valve pay up to get you to release the rest that refused to pay in order to preserve their reputation.