G+_Elsa Braun, posted May 21, 2017

Trying to reach the Padre. You did an excellent job of explaining the WannaCry malware; I think it was on your TWT Enterprise show. I have one main question remaining on the WannaCry exploit: How would companies cope if many nodes on their network were affected and the backups (say, they are kept on attached disk or otherwise unusable) were also infected? If the computer owner pays up, he gets a specific decryption key for his files. In this case, where the malware could spread laterally on a network and infect multiple nodes, could they all be decrypted with the same key, or would multiple keys be needed? If cyber criminals unleash more ransomware that can spread via a worm component, how would they keep up with managing a huge number of payments, decryption keys, and answer victim questions?

G+_Rickbearcat, posted May 22, 2017

Same key.

G+_Travis Hershberger, posted May 22, 2017

Depends on the variant. The WannaCry variant is just the first in a new line of things becoming available from the recent government leaks. WannaCry was/is really quite poorly implemented. Anyone on a *supported and updated* OS is safe from it.

G+_Black Merc, posted May 22, 2017

If I recall from the show (kh), Padre mentioned a per-device scheme of payment. That would suggest the use of different keys.

G+_David Wiggins, posted May 24, 2017

I'd also heard that the primes are still in memory after encryption, and can be recovered if no reboot, which implies a unique key per machine. I think I also heard reference to it using MS' built-in encryption engine. If it was only one key, only one person would need to pay, and share with everyone else.