Victims infected with the MarsJoke ransomware can decrypt their files after researchers last week cracked the encryption in the CTB-Locker lookalike. A trio of researchers from Kaspersky Lab's Anti-Ransom Team (Anton Ivanov, Orkhan Mamedov, and Fedor Sinitsyn) described Monday how errors in the cryptography used in the ransomware, also known as Polyglot, enabled them to break it. The biggest mistake the developers behind the ransomware made was in the way they implemented its pseudo-random number generator. Researchers said a weak random string in the key generator could be broken.
ORIGINAL SOURCE: Threatpost