Hacker News

Why don't you do the legwork instead of asking rhetorical questions?


Legwork of what? Companies already have done the legwork to make it easy for strangers to send you money.


Companies that "do the legwork" of decrypting ransomware for the most part just pay the ransom on your behalf.


Presuming this results in a cryptosystem change for Akira, there’s a real number of victims who won’t get their data back as a result of this disclosure.

Whether the number is more than that of victims to date who can recreate this? Who knows.


How would they get their data back if someone theoretically knows how to decrypt but never tells anyone?


I can’t remember the example (it was a conference talk a few years ago), but I’m pretty sure there are LE and DFIR companies who also reverse this stuff and assist in recovery, they just don’t publish the actual flaws exploited to recover the data.


Key being generated insecurely is hacking crypto systems 101. The mere fact someone can reverse it probably means this is the first thing to check.


It was already disclosed to the bad guys that someone managed to break their encryption, when they didn't get paid and they saw that the customer had somehow managed to recover their data. That probably meant they might go looking for weaknesses, or modify their encryption, even without this note.

Other victims whose data were encrypted by the same malware (before any updates) could benefit from this disclosure to try to recover their data.



