So they handed over the keys to TeslaCrypt... Since these types hate to lose income, I wonder what they're up to? A bigger and better ransomware in the wings?
White hats bake TeslaCrypt master key into universal decryptor
The authors of the TeslaCrypt ransomware have handed over their master keys in what appears to be a decision to kill off the net menace. An Eset researcher noticed the gradual decline of TeslaCrypt and, posing as a victim, asked the malware authors for a key. The authors surprisingly offered a free master key and the security …
COMMENTS
-
-
Thursday 19th May 2016 07:36 GMT Anonymous Coward
Agreed.
The chances of this being a charitable move seem a bit unlikely. Methinks a more potent version is on the cards. If the original crudware made em $$$ then another, better, faster, stronger version will surely have the same effect.
Of course, according to our leaders, banning all encryption technologies would mitigate this scenario.
#Sarc
-
Thursday 19th May 2016 07:50 GMT Nigel 11
Another possibility
A three-letter agency tracked the criminals down and gave them two choices: terminate the malware themselves without prejudice, or be terminated themselves with extreme prejudice.
This stuff is costing hard-pressed governments billions, and could cost the people in power their positions. So the James Bond approach is not unlikely.
-
Friday 20th May 2016 08:45 GMT Seajay#
Re: Another possibility
I think the James Bond approach is very unlikely.
If the FBI can credibly threaten you with harm, they can arrest you. Even if they didn't want to prosecute because they didn't want to reveal their methods, why would they want to turn down the great publicity they wouldn't get for releasing the key?
"Here's the key to get your family photos back Senator. By the way, the Federal funding review is coming up soon. Also, how are things going with those new laws to remove that pesky Fourth Amendment?"
-
-
Thursday 19th May 2016 16:22 GMT NoneSuch
"Organisations should keep backups of important data in offline sources and have a response plan in place should ransomware hit their networks."
The IT Response Plan: Sack the meathead responsible for browsing hard core porn sites on their work laptop causing several thousand dollars in IT Dept. time and effort to reverse.
The Executives Response Plan: Cut the VP Of Marketing some slack. It won't happen again.
-
-
Thursday 19th May 2016 08:04 GMT goldcd
Simply cashing out?
Once you've made your big pile of ransom money, next thing you worry about is getting to keep it.
Should you wish to help focus the attention of the authorities elsewhere, this seems an exceptionally good way of doing it.
TeslaCrypt is no longer a threat, so who's going to be going to their boss to justify tracking them down now?
-
-
Friday 20th May 2016 08:32 GMT Seajay#
Re: Simply cashing out?
Pretty sure law enforcement doesn't just say "it's all in the past, all is forgiven!! No no - keep your ill-gotten gains, we're good now!"
True but they do say "Right, we've got a very limited pool of cyber investigators. Where do we deploy them? Investigating Cryptoxxx which is the biggest threat and can't be decrypted or investigating TeslaCrypt which was big a few months back but now isn't generating any new infections and has a decryption tool out?"
-
Thursday 19th May 2016 14:23 GMT Aodhhan
Re: Simply cashing out?
Good point.
Also a huge attack on someone's conscience and a fear coinciding with realizing the victims are in many countries. This is a lot of jurisdictions and a lot of time you'll get. I'm thinking I wouldn't want to end up in an eastern European or Russian prison (or both) for the next 3 years times however many jurisdictions want to prosecute you.
In about 6-12 months, this individual may be able to sleep comfortably and enjoy his life without fear of authorities clamping down on him.
-
-
Thursday 19th May 2016 09:53 GMT Anonymous Coward
I think a more plausible suggestion as to the why is that this ransomware is being used by multiple groups and this person decided that the best way to gain a better market share with a new ransomware was to render the previous version useless before those affected closed some of the attack vectors.
-
-
Thursday 19th May 2016 13:16 GMT Prst. V.Jeltz
Re: So after the last Reg article...
@TechnicalBen,
I think that waiting and hoping that the cryptoware authors have an attack of conscience and just hand over the keys is not really a realistic option. Although, granted, it appears to have worked in this case.
It's similar thinking to "I play the lottery, despite astronomical odds that the human brain can't even grasp properly, because 'Someone Has To Win It' "
which isn't even true.
-
Friday 20th May 2016 08:26 GMT Seajay#
Re: So after the last Reg article...
It depends how urgently you need the data.
- Rarely the keys get handed over.
- Occasionally the perpetrators are caught and the keys seized.
- Fairly often a weakness is found in the encryption.
All of those can happen on a ~1 year timescale.
Computing power continues to increase, IBM recently made a quantum computer available on the net. Given 10 years, I wouldn't be surprised if the great majority of current encryption is broken.
That's too long to wait if your lost data is the sole copy of your dissertation which needs to be handed in next week. If it's just your honeymoon photos which you would prefer to have back but aren't disastrous to lose, it could be worth the wait.
-
-