In a twist of irony and a role reversal, the authors of TorrentLocker malware have patched an error that allowed their victims to retrieve files without paying a ransom.
The malware, which was discovered in August by researchers at iSight, was originally aimed at users in Australia but has expanded its focus to targets in the U.K. However, researchers at Nixu recently discovered that TorrentLocker used the same keystream for all file encryption, making it possible for users to reclaim their files without ponying up payment, according to a blog post from SANS Institute.
The blog warned that “one of the most important things is not to use the keystream more than once,” noting researchers “were able to recover the keystream used to encrypt those files by simply applying XOR between the encrypted file and the plaintext file.” The malware's authors have since patched TorrentLocker.
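The keystream reuse the blog describes can be reproduced in a few lines. This is an added Python example, not code from the SANS post or from Nixu's research: a SHA-256 counter-mode generator stands in for the real cipher (an assumption), and the key, nonces and file contents are all constructed. It also shows two limits of the recovery: a known plaintext only yields as many keystream bytes as it is long, and the method stops working once each file gets its own nonce.

```python
import hashlib

BACKUP = b"Quarterly report 2014, unencrypted backup copy. " * 4  # constructed known plaintext
PHOTO_NOTES = b"Holiday photo captions, no backup exists."         # constructed
THESIS = b"Thesis draft. " * 20                                    # constructed, longer than BACKUP

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); an assumption, not the real cipher."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes, nonce: bytes = b"") -> bytes:
    """With the default empty nonce every file is XORed with the same keystream (the flaw)."""
    return xor(data, keystream(key, nonce, len(data)))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """C xor P = K at every byte position where both copies of the file exist."""
    return xor(ciphertext, known_plaintext)

def decrypt_with(ks: bytes, ciphertext: bytes):
    """Return (recovered prefix, number of trailing bytes the keystream does not cover)."""
    plain = xor(ciphertext, ks)
    return plain, len(ciphertext) - len(plain)

def demo():
    key = b"constructed key, never used by the recovery code"
    ks = recover_keystream(encrypt(key, BACKUP), BACKUP)
    short_plain, short_missing = decrypt_with(ks, encrypt(key, PHOTO_NOTES))
    long_plain, long_missing = decrypt_with(ks, encrypt(key, THESIS))
    # Same recovery attempt when each file has its own nonce: the keystreams differ.
    ks2 = recover_keystream(encrypt(key, BACKUP, b"file-1"), BACKUP)
    fixed_plain, _ = decrypt_with(ks2, encrypt(key, PHOTO_NOTES, b"file-2"))
    return short_plain, short_missing, long_plain, long_missing, fixed_plain

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The largest file for which an unencrypted copy survives is the most useful known plaintext, because it yields the longest run of keystream.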