What’s the Best Strategy for Exploiting Flaws in Ransomware?


What’s the best strategy for handling a known vulnerability in ransomware that helps victims decrypt their files for free?

Security researchers and law enforcement have two options: stealth or reach. Stealth prolongs the life of the vulnerability and the ability of security teams to exploit it. Reach makes sure that more people know about it, but only so long as it exists.

This wasn’t a hypothetical scenario for DoNex ransomware. Dutch National Police published a free decryptor at the end of June, perhaps unaware that a security firm began privately circulating its own decryptor two months earlier.