
well, when wannacry was around, you could "salvage" the decryption key from an infected machine before it was rebooted.

not saying your idea is bad advice but you need the full picture to counter ransomware attacks




Ironically, /dev/mem has been disabled to counter malware, otherwise you could do

    dd if=/dev/mem of="$HOME/mem.img"
to obtain an image dump which may contain the decryption key.


You could kexec a new kernel that didn't have that restriction.
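A defender-side readiness check for the points raised in this thread, added here as an example and not part of any comment: it reports whether `/dev/mem` can read RAM, which lockdown mode is active, and whether loading a new kernel with kexec is still permitted. The function names are hypothetical, and the `/boot/config-$(uname -r)` path is an assumption that holds on many distributions; `CONFIG_DEVMEM`, `CONFIG_STRICT_DEVMEM`, `CONFIG_IO_STRICT_DEVMEM`, the lockdown file and the `kexec_load_disabled` sysctl are standard Linux names that the thread itself does not mention.

```shell
#!/bin/sh
# Added example: summarise which memory-acquisition paths the running kernel allows.

# devmem_policy CONFIG_FILE -> absent | io-strict | strict | unrestricted | unknown
devmem_policy() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if grep -q '^# CONFIG_DEVMEM is not set' "$1"; then
        echo absent          # kernel built without the /dev/mem device
    elif grep -q '^CONFIG_IO_STRICT_DEVMEM=y' "$1"; then
        echo io-strict       # RAM and driver-claimed I/O ranges both refused
    elif grep -q '^CONFIG_STRICT_DEVMEM=y' "$1"; then
        echo strict          # system RAM is not readable through /dev/mem
    else
        echo unrestricted    # the dd approach quoted above would read RAM
    fi
}

# lockdown_mode FILE -> none | integrity | confidentiality | unavailable
# The file lists all modes and brackets the active one, e.g. "none [integrity] confidentiality".
lockdown_mode() {
    [ -r "$1" ] || { echo unavailable; return 0; }
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1"
}

# kexec_state FILE -> allowed | disabled | unknown (reads the kexec_load_disabled sysctl)
kexec_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        0) echo allowed ;;
        *) echo disabled ;;
    esac
}

# acquisition_report ROOT CONFIG_FILE -> one summary line.
# ROOT is "/" on a live host; a constructed directory tree can be passed for testing.
acquisition_report() {
    root=${1%/}
    echo "devmem=$(devmem_policy "$2")" \
         "lockdown=$(lockdown_mode "$root/sys/kernel/security/lockdown")" \
         "kexec_load=$(kexec_state "$root/proc/sys/kernel/kexec_load_disabled")"
}

# Live run; files that are missing or unreadable are reported as unknown/unavailable.
acquisition_report / "/boot/config-$(uname -r)"
```

A result such as `devmem=strict lockdown=integrity kexec_load=disabled` means neither approach discussed above is available on that host, so memory acquisition for incident response has to be planned another way in advance.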



