Ransomware Industry Tightening Product Quality

Proofpoint brings us news that the makers of the CryptXXX ransomware have patched a vulnerability in their product that had allowed various antivirus companies to produce "decryptor" products capable of recovering user files without payment. Numerous ransomware producers have seen their revenue suffer as antivirus companies produced software that exploited vulnerabilities in their ransomware to circumvent payment. If other ransomware ventures follow the example of CryptXXX in improving their own products, the industry as a whole could see substantial growth over the next year.

5 thoughts on “Ransomware Industry Tightening Product Quality”

  1. These "ransomware decryption tools" are about the most suspicious damn thing I've ever seen. Aka, security company releases malware then comes riding to the rescue with the fix. Fame and praise ensues.

    Seriously, think about it. Assuming the bad guy is using an asymmetric cryptosystem, the only sort of "vulnerability" that could rescue users would be them leaking the freaking private key. Not just leaking it, but leaking it IN THE MALWARE. Far more likely is a vulnerability that leaves users unable to decrypt even if they pay the ransom, but we haven't heard of many of those, have we?

    Now, I know there are fuckups that can cause private key leakage. Poor-quality random number generators, etc, etc. They happen. What are the odds they happen MULTIPLE TIMES in an "industry" that's less than a year old?

    Something stinks.

    • Seeing how "Computer Security" companies are just about on par with POD/Vanity publishers, gasoline-realigning-magnet salesmen and homeopathy practitioners – which is to say outright if obscure scammers, I'd be rather surprised if the whole charade is not exactly what you describe. Moreover, parsimony requires we proceed on the basis of that assumption in any discussion of them and their practices.
