Hacker News new | past | comments | ask | show | jobs | submit login

The common way these are "cracked" is that the C&C server - which observes payments and hands over keys - is itself compromised.

There are a lot of news articles I read about people "cracking ransomware encryption" and, aside from some early versions that had basic crypto bugs, I'm extremely suspicious of anyone claiming to do so. There are a number of companies I'm aware simply pay the ransom, then charge a huge markup to claim they "cracked the encryption", so it's better for their business to support the view there are elite hackers somehow breaking RSA every time ransomware uses it.

That's not something I thought of before. Really interesting. I wonder if this business model is legal in the US?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact