Programming Horror

2299 readers

2 users here now

Welcome to Programming Horror!

This is a place to share strange or terrible code you come across.

For more general memes about programming there's also Programmer Humor.

Looking for mods. If youre interested in moderating the community feel free to dm @Ategon@programming.dev

Rules

Keep content in english
No advertisements (this includes both code in advertisements and advertisement in posts)
No generated code (a person has to have made it)

Credits

Icon base made by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

Vacant@programming.dev

Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted (www.darkreading.com)

submitted 5 days ago by Cevilia@lemmy.blahaj.zone to c/programming_horror@programming.dev

6 comments fedilink hide all child comments

cross-posted from: https://lemmy.world/post/42319193

Regarding Sicarii's broken decryption process, researchers said that "during execution, the malware regenerates a new RSA key pair locally, uses the newly generated key material for encryption, and then discards the private key."

top 6 comments

sorted by: hot top controversial new old

[–] fiddlesticks@lemmy.dbzer0.com 2 points 4 days ago (1 children)

Tbf isn't that half the point?

[–] Cevilia@lemmy.blahaj.zone 8 points 4 days ago (2 children)

No. It isn't. If people don't get their files back, people will stop paying ransoms. This isn't ransomware. It's a bulldozer that destroys your house then asks for a tip.

[–] Vex_Detrause@lemmy.ca 1 points 4 days ago

Click Here podcast reported the oldest company in Europe, got hit by ransomware, paid but couldn't even use the decrypted data.

[–] Kissaki@programming.dev 1 points 4 days ago (1 children)

Paying is never a guarantee, and if you pay a ransom, you're always at the discretion and risk of the attacker.

The only thing this changes is that if you know the specific software that encrypted and if it's known publicly that it can not decrypt and if you know about that is that you know paying won't allow for decryption.

It's the same for paying so they don't disclose and share exfiltrated data. They're already doing illegal immoral activities, and you're hoping they will follow your agreement when you pay. But there's no guarantee.

This is why the general public guidance is to never pay ransoms. It supports those industries, gives you no guarantees on fulfillment, and whether fulfillment occurs or not, whether your money was not only wasted but will be used for further damage elsewhere, can be considered entirely random.

The attacker's goal is always betting on despair of the victim, on their grasping on even minuscule hope and at great expense.

[–] chloroken@lemmy.ml 1 points 4 days ago

Corporations pay ransoms constantly. Weekly, maybe daily. And they largely get their files back. I don't believe you have any knowledge of companies handling ransomware.

[–] ulterno@programming.dev 1 points 5 days ago* (last edited 5 days ago)

Heights of security :P