
Ransomware developers ask for help with CryptoAPI from security researcher - kagebe
http://www.bleepingcomputer.com/news/security/ransomware-developer-asks-security-researcher-for-help-in-fixing-broken-crypto/
======
ploek
The currently tremendous success of their business model relies on their
reputation being that if you pay, you actually get your data back. Once that
reputation is destroyed, their market is going to crash. So I say: don't help
them, let them destroy their reputation and be their own undoing. Good
riddance.

~~~
dvdhnt
> let them destroy their reputation and be their own undoing

My only concern is that their "reputation" is one perceived inside our sweet
tech bubble. Basically, people like my parents and cousins from rural [Insert
Southern State Here] have no idea what ransomware is. I reckon that the
average computer-user doesn't either and may not know what to make of the
results from a Google search on the subject.

That being said, in crisis mode, it's likely victims would go on to pay for
their files to be decrypted depending on whether or not they can afford to do
so. To me, this is similar to a government saying "we don't negotiate with
terrorists". That's all well and good if you're the government and have
tactical teams trained to carry out extractions if you're the one kidnapped.
However, the family of your average citizen, like your average computer-user,
may be more than willing to negotiate with said terrorists if it means
ensuring their loved ones (or files) are returned unharmed. IMHO.

------
RcouF1uZ4gsC
Wosar should help them, but make it so there are subtle weaknesses that can be
used to break their encryption.

~~~
campuscodi
The help will probably be a one-two liner. Not enough to hide a backdoor

