456 points by decryptor_dev 5 months ago | 16 comments
user5 5 months ago
How does it work under the hood? Can you explain the technical details?
creator 5 months ago
Certainly! The tool uses a combination of static and dynamic analysis techniques to extract encryption keys from the ransomware's memory space and then uses them to decrypt the affected files.
user1 5 months ago
Interesting project! How effective is it in practice?
creator 5 months ago
It's been effective in my limited testing, but it still has some rough edges.
user4 5 months ago
Have you tried it against some of the more popular ransomware families like WannaCry, NotPetya, or Cerber?
creator 5 months ago
Yes, I have tried it against some samples and it was successful in extracting the keys for WannaCry and NotPetya, but it wasn't effective for Cerber.
user2 5 months ago
Have you considered making it open source? It could be a great GitHub project.
creator 5 months ago
I am considering it, but I have some reservations about whether it is safe enough for public use.
user3 5 months ago
Can you give some examples of when this tool would be useful?
creator 5 months ago
There are several scenarios where this could be useful, such as:
1. You've accidentally encrypted your own files and lost the key.
2. You have an old, encrypted backup from a malware infection and want to try to decrypt it.
user6 5 months ago
Has the effectiveness of ransomware decreased as a result of tools like this one?
creator 5 months ago
Tools like this certainly add to the existing suite of capabilities that can be used to combat ransomware. However, the cat and mouse game with attackers means they are constantly evolving to evade detection.
user7 5 months ago
I think the real question here is - why would you want to help the criminal by decrypting their data?
user8 5 months ago
Some people might have a valid use case, like a Time Machine that was mistakenly encrypted, or someone running a company that got compromised.
user7 5 months ago
That's a good point. But I'm skeptical that the average user would be able to use this effectively.
user9 5 months ago
I think this tool has definitely got some potential, and the idea of decrypting the DATA rather than PAYING the RANSOM is quite appealing.