It is rare that the good guys help criminals, but that is exactly what the folks at BleepingComputer.com have done. Let it be stated in no uncertain terms that they should be applauded and thanked for doing so.
The problem, as reported on the BleepingComputer site, is that there is yet another variant of ransomware that is circulating online. This ransomware, however, has a fatal mistake in the code that deletes the private key required to decrypt the files after they are encrypted.
In a functioning ransomware attack, the private key is sent to the attacker’s server and stored until the ransom is paid. Once the payment is received, the key is sent to the victim to decrypt the files. If the private key is destroyed, the files are forever encrypted. A victim who has neglected to back up valuable data is often left with little choice but to pay the ransom, as the FBI recently pointed out. Imagine that you pay the ransom, and you still cannot decrypt your files. Twice burned!
Ethical choices are among the toughest and most easily debated choices. Think of the ethical questions that you have had to grapple with in your own life and how you are probably still weighing whether the choice you made was the correct one. There are newspaper columns as well as entire books and philosophical disciplines dedicated to ethics.
The folks at BleepingComputer.com had to make a tough ethical choice: help the criminals or leave the software in its unaltered state, which could further harm victims.
Lawrence Abrams, the main author of the article, states that he generally does not point out bugs in code that would aid a criminal, and I am sure that he and his team thought long and hard about publishing the correction to make the ransomware function correctly.
While the celebration may be muted, I cannot think of a better choice than the one that they made. Let’s just hope that the ransomware authors take note and correct their error, as we know that the authors will probably not change their criminal mindset.
About the Author: Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock