Fabian Wosar

From Emsisoft
Verified
Developer
I think you mean Radamant? The real fail is that they tried to fix their broken crypto scheme and made decryption actually more reliable, because they put their stupid "**** Emsisoft and Fabian Wosar" messages into some buffers that were previously uninitialized, allowing me to determine 100% reliably whether I determined the correct key or not, without having to rely on file format recognition.

They still make the same mistake, last time I checked, but they are "kinda" saved by the fact that they encrypt the first 240 bytes of the file properly, which makes guessing the key a lot more difficult, as there rarely are predictable bytes 240 bytes in to see if you got the key right. Of course they still haven't fixed the bug in their malware that causes encryption to completely fail in about 1 - 2% of all systems, when the CryptoAPI for some reason doesn't want to work as they do. Looks like error checking is an unknown concept in Russia.

But there are bigger fails to be honest. This one just has to be the most amazing, as it involves two idiots on both the VX and AV side of things:

CryptoDefense: The story of insecure ransomware keys and self-serving bloggers

Malware author forgets that the CryptoAPI creates a copy of generated keys under some conditions and leaves the private key behind on the system. Then have some marketing drone at Symantec point out the error in a detailed blog post so the malware author fixes the bug merely 24 hours later.

Deleted Member 333v73x

Yes, I meant Radamant - Instead of Emsisoft they called you Emisoft :p They really need to work on spelling.