Regarding Sicarii’s broken decryption process, researchers said that “during execution, the malware regenerates a new RSA key pair locally, uses the newly generated key material for encryption, and then discards the private key.”

    • SmoothLiquidation@lemmy.world · 90 upvotes · 1 month ago

      I bet other ransomware creators hate this. If victims can’t even get their data back by paying, more victims will stop paying across the board.

  • Cevilia (they/she/…) · 76 upvotes · 1 month ago

    > Even if the malware author did correct the issue, it’s unknown whether those already compromised can benefit, or if they’re out of luck.

    They literally said the private key was discarded. It’s absolutely known whether those already compromised can benefit. They can’t.

    • Natanael@infosec.pub · 13 upvotes · 1 month ago

      Well, unless they also made key generation shitty, because that’s equally plausible and would likely allow RSA keys to be broken (it’s surprisingly hard to generate RSA keys safely)

      • Cevilia (they/she/…) · 5 upvotes · 1 month ago

        I know just enough to know that I absolutely shouldn’t try to roll my own encryption, and that’s enough knowledge for me

  • anton · 35 upvotes · 1 month ago

    > Hebrew-based content appears machine-translated

    Did they vibe code their false identity as well?

    • pivot_root@lemmy.world · 58 upvotes · 1 month ago

      A hash is at least consistent when given identical inputs. What they created is more like a digital incinerator.

        • anton · 7 upvotes · 1 month ago

          -u would give you the space back.
          The ransomware doesn’t. There is a block of data, sitting there, taunting you.

          • Jayjader@jlai.lu · 3 upvotes · 1 month ago

            ehehehehe thanks for that mental image

            Of course, one can always reclaim that space if the data truly is inaccessible. Makes me want to write a joke program for “cleaning up” after ransomware that just removes the data from the partition table (or whatever the equivalent for files is - would that just be rm?)