252

Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted (www.darkreading.com)

submitted 1 day ago by whaleross@lemmy.world to c/programmer_humor@programming.dev

17 comments fedilink hide all child comments

Regarding Sicarii's broken decryption process, researchers said that "during execution, the malware regenerates a new RSA key pair locally, uses the newly generated key material for encryption, and then discards the private key."

top 17 comments

sorted by: hot top controversial new old

[-] DrunkAnRoot@sh.itjust.works 29 points 10 hours ago

vibe coded and ranswomare in the same sentence was not on my 2026 bingo card

[-] gustofwind@lemmy.world 10 points 8 hours ago

we need a way bigger bingo card

[-] NotMyOldRedditName@lemmy.world 7 points 8 hours ago

Brilliant lol.

[-] Cevilia@lemmy.blahaj.zone 70 points 1 day ago

Even if the malware author did correct the issue, it's unknown whether those already compromised can benefit, or if they're out of luck.

They literally said the private key was discarded. It's absolutely known whether those already compromised can benefit. They can't.

[-] Natanael@infosec.pub 12 points 9 hours ago

Well, unless they also made key generation shitty, because that's equally plausible and would likely allow RSA keys to be broken (it's surprisingly hard to generate RSA keys safely)

[-] Cevilia@lemmy.blahaj.zone 3 points 3 hours ago

I know just enough to know that I absolutely shouldn't try to roll my own encryption, and that's enough knowledge for me

[-] ElBarto@piefed.social 137 points 1 day ago

Ransomware that can't be decrypted is just destructive malware like any other.

[-] SmoothLiquidation@lemmy.world 83 points 1 day ago

I bet other ransomware creators hate this. If victims can’t even get their data back by paying, more victims will stop paying across the board.

[-] 30p87@feddit.org 105 points 1 day ago

LMAO

[-] DarkCloud@lemmy.world 38 points 1 day ago

Like a virus that kills the host, it won't spread as well and should die out faster than other types of maleware.

[-] anton@lemmy.blahaj.zone 33 points 1 day ago

Hebrew-based content appears machine-translated

Did they vibe code their false identity as well?

[-] MotoAsh@piefed.social 39 points 1 day ago

rofl of course...

[-] OnfireNFS@lemmy.world 13 points 1 day ago

So they basically created a hashing function?

[-] pivot_root@lemmy.world 54 points 1 day ago

A hash is at least consistent when given identical inputs. What they created is more like a digital incinerator.

[-] Jayjader@jlai.lu 5 points 10 hours ago

shred -f -u

[-] anton@lemmy.blahaj.zone 5 points 8 hours ago

-u would give you the space back.
The ransomware doesn't. There is a block of data, sitting there, taunting you.

[-] Jayjader@jlai.lu 1 points 8 hours ago

ehehehehe thanks for that mental image

Of course, one can always reclaim that space if the data truly is inaccessible. Makes me want to write a joke program for "cleaning up" after ransomware that just removes the data from the partition table (or whatever the equivalent for files is - would that just be rm?)

this post was submitted on 28 Jan 2026

252 points (99.6% liked)

Programmer Humor

28926 readers

1390 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev