There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.
It's not the type of advice one would typically expected from the FBI, but that's exactly what was recommended by Joseph Bonavolonta, the assistant special agent in charge of the FBI's CYBER and Counterintelligence Program Boston office.
"The ransomware is that good," said Bonavolonta at the 2015 Cyber Security Summit in Boston, as quoted by Security Ledger. "To be honest, we often advise people just to pay the ransom."
Yeah, it's RT, but I did a search, and that or similar headlines popped up on dozens of news sites. I clicked a couple of them, and the stories match. Try this one,
https://thehackernews.com/2015/10/fbi-ransomware-malware.html
Personally, I can almost certainly afford to nuke and reinstall, unless they get my RAID array. Then - I'd have to think hard.
(Score: 2) by jimshatt on Thursday October 29 2015, @02:20PM
(Score: 1, Informative) by Anonymous Coward on Thursday October 29 2015, @02:36PM
If you know the full unencrypted data, "decryption" is trivial: Just write the unencrypted data back to its original place.
Otherwise, I'd expect them to use encryption algorithms where no known-plaintext attacks are known, so your partial knowledge probably won't help you.
(Score: 0) by Anonymous Coward on Thursday October 29 2015, @05:58PM
Theoretically let say you had one file that was the same as the stuff that had been encrypted. Could you encrypt that one file with every possible key and then compare it to the encrypted version to find the correct key?
(Score: 0) by Anonymous Coward on Thursday October 29 2015, @11:04PM
Related question -- theoretically
What if my backups weren't current, but were good for everything a month old or older. In that month I might have changed a hundred important files. Given that I have unencrypted versions of nearly all my files (many thousands...), could that help to decrypt the recent ones that were hit by ransom ware?
Separate question -- is there any type of "inoculation" available that could run in the background and watch for (and kill) any process that was encrypting files? I don't normally encrypt any of my local files...
(Score: 2) by darkfeline on Friday October 30 2015, @12:29AM
>theoretically
>every possible key
Yes, you'll just need to wait for the heat death of the universe, and having any number of non-encrypted files makes no difference, you need a known-plaintext vulnerability for that.
Join the SDF Public Access UNIX System today!