For more than two decades, ransomware attacks have been the bane of corporate IT managers and their CEOs, and a source of much research for cybersecurity professionals. An underground market for hacking and encryption tools has helped such incursions proliferate, but thankfully a recent case shows what we can learn when attackers don’t know what they’re doing.
Unlike other cyber nuisances, such as viruses, which replicate and cause mayhem, or denial-of-service attacks, which bring networks to a grinding halt, ransomware is almost impossible to unwind once it’s been deployed successfully. That’s because it uses encryption to lock up the files, with a secret decryption key being the only route out.
Rather than try to undo this encryption, most victims just write off the files and restore their systems using backups. This can take days or weeks, assuming the target has good data practices, while still costing millions of dollars. It may be impossible if secure backups don’t exist. And that’s what ransomware attackers are betting on: the losses from restoring systems are so high that a target is willing to pay to get a copy of the digital key, which can decrypt the files and restore everything to normal.
But what hackers don’t bet on is savvy cybersecurity professionals coming across rookie mistakes in the malware code that let them reverse the encryption without paying a dime to the assailant.
A group at International Business Machines Corp.’s X-Force team did just that. Taipei-based CyCraft Corp. also managed to find the flaws and offered decryption tools for free.
In an article on IBM’s Security Intelligence website, and a recent presentation at the RSA Security Conference, the researchers outlined how they spotted an