Looks like it’d be pretty trivial to guess the encryption keys, though – the only source of entropy used is the current time in seconds. Assuming the time of infection is within the last thirty days, that’s only about 2.6 million keys to brute force. Or am I missing something?
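As an added illustration of the keyspace argument above (this is not code from the thread or from any real sample; the time-based derivation is a hypothetical stand-in), it shows why a key whose only entropy is a one-second timestamp collapses to the roughly 2.6 million candidates counted for a thirty-day window, next to a key drawn from the OS CSPRNG:

```python
import hashlib
import secrets
from typing import Optional

SECONDS_PER_DAY = 86_400


def weak_key(epoch_seconds: int) -> bytes:
    """Hypothetical weak derivation: the key depends only on the infection time."""
    return hashlib.sha256(epoch_seconds.to_bytes(8, "big")).digest()


def strong_key() -> bytes:
    """Correct derivation: 32 bytes from the OS CSPRNG, independent of the clock."""
    return secrets.token_bytes(32)


def keyspace_for_window(days: int) -> int:
    """Candidate keys when the only entropy is a timestamp with 1-second resolution."""
    return days * SECONDS_PER_DAY


def recover_time_seed(target_key: bytes, newest: int, days: int) -> Optional[int]:
    """Walk every second in [newest - days, newest] and return the timestamp that
    reproduces target_key, or None if the key was not derived from the clock."""
    oldest = newest - keyspace_for_window(days)
    for t in range(newest, oldest - 1, -1):
        if weak_key(t) == target_key:
            return t
    return None


if __name__ == "__main__":
    # Constructed scenario: an infection at a known-ish time, bounded to 30 days.
    infection_time = 1_700_000_000
    print("candidates in 30 days:", keyspace_for_window(30))
    print("time-derived key recovered at:",
          recover_time_seed(weak_key(infection_time), infection_time + 60, 30))
    print("CSPRNG key recovered at:",
          recover_time_seed(strong_key(), infection_time, 1))
```

The weak key is found after at most a few million hashes, while the CSPRNG key is never found in the window, which is the whole difference between recoverable and unrecoverable data.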
Hmm they’re giving people a big monetary incentive to find them rather than paying them to go away.
I’d imagine the type of company that can pay $250k worth of important data would have a professional set-up with back-ups. But I might be being too presumptive.
Another thing is getting that much BTC would be a huge hassle and probably end up adding a ~10% premium.
This seems like a bigger gamble than the typical ransomware fees.
But even if victims do reach deep into their pockets, the probability that the attackers will decrypt the files is small.
It’s also critically important they decrypt it otherwise people will stop paying the fee entirely.
And the alternative of “finding them” ultimately won’t necessarily help the business recover, according to the article
Well, I imagine that the advanced type of resources it takes to hunt down hackers at the FBI and elsewhere require some big motivation, and each of these attacks is high profile by nature, more so than the other usual rinky-dink ransomware. But I guess both types are pretty bad, just quality over quantity.
I’m mostly just not sure what the criminals’ business model is here, because I don’t see it working very well.
The article describes this as an attack on Ukraine’s infrastructure. As you point out, criminals don’t have a strong incentive to do that unless they’re going to get money from it.
But there’s an APT for whom this makes perfect sense - the same one that has been using its associated physical military in that area for a few years now. State actors have motives that aren’t money.
This truly is the year of Linux on the Desktop!