Ransomware developers ask for help with CryptoAPI from security researcher
bleepingcomputer.com
The currently tremendous success of their business model relies on their reputation being that if you pay, you actually get your data back. Once that reputation is destroyed, their market is going to crash. So I say: don't help them, let them destroy their reputation and be their own undoing. Good riddance.
> let them destroy their reputation and be their own undoing
My only concern is that their "reputation" is one perceived inside our sweet tech bubble. Basically, people like my parents and cousins from rural [Insert Southern State Here] have no idea what ransomware is. I reckon that the average computer-user doesn't either and may not know what to make of the results from a Google search on the subject.
That being said, in crisis mode, it's likely victims would go on to pay for their files to be decrypted depending on whether or not they can afford to do so. To me, this is similar to a government saying "we don't negotiate with terrorists". That's all well and good if you're the government and have tactical teams trained to carry out extractions if you're the one kidnapped. However, the family of your average citizen, like your average computer-user, may be more than willing to negotiate with said terrorists if it means ensuring their loved ones (or files) are returned unharmed. IMHO.
So tarnish their reputation. The researcher should report back that he did not fix the issue. Loudly and publicly denounce cooperation with them as they are willing to trash your data and take your money.
But secretly he actually fixes the issue.
Wosar should help them, but make it so there are subtle weaknesses that can be used to break their encryption.
The help will probably be a one-two liner. Not enough to hide a backdoor.