Victims infected with the MarsJoke ransomware can decrypt their files after researchers last week cracked the encryption in the CTB-Locker lookalike.
A trio of researchers from Kaspersky Lab’s Global Research and Analysis Team–Anton Ivanov, Orkhan Mamedov, and Fedor Sinitsyn–described Monday how errors in the cryptography used in the ransomware, a/k/a Polyglot, enabled them to break it.
The biggest mistake developers behind the ransomware made was in the way they implemented its pseudo-random number generator. Researchers said a weak random string in the key generator could be broken. That allowed them to search for a set of possible keys produced by the generator in just “a few minutes” on a standard PC.
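The following added example (not Kaspersky's tool and not the ransomware's actual algorithm) shows why a key generator fed by a weak pseudo-random source leaves a key space small enough to search on a standard PC. The timestamp seed, the SHA-256 stand-in cipher, the sample file and all function names are assumptions made for illustration.

```python
import hashlib
import random

KEY_LEN = 16

def weak_keygen(seed):
    # Constructed flaw: every key byte comes from a PRNG whose only input
    # is a guessable value (assumed here: a Unix timestamp in seconds).
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(KEY_LEN))

def keystream_xor(key, data):
    # Stand-in cipher for the demo: SHA-256 keystream XORed with the data.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def recover_key(ciphertext, magic, t_lo, t_hi):
    # Regenerate the key for every seed in [t_lo, t_hi] and keep the one
    # whose decryption begins with the file type's known header bytes.
    head = ciphertext[:len(magic)]
    for seed in range(t_lo, t_hi + 1):
        key = weak_keygen(seed)
        if keystream_xor(key, head) == magic:
            return seed, key
    return None

def demo():
    infection_time = 1475000000  # constructed sample value
    plaintext = b"%PDF-1.4\n% constructed sample document body\n"
    ciphertext = keystream_xor(weak_keygen(infection_time), plaintext)
    # The responder knows only the ciphertext, the file type and the
    # approximate day of infection: 86,400 candidate keys, not 2**128.
    day_start = infection_time - 40000
    seed, key = recover_key(ciphertext, b"%PDF-1.4",
                            day_start, day_start + 86400)
    return seed, keystream_xor(key, ciphertext)

if __name__ == "__main__":
    print(demo())
```

Had the key bytes come from the operating system's CSPRNG (for example `secrets.token_bytes(16)`), there would be no seed to enumerate and the same search would be infeasible.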