This is a highly ignorant response. There is no relying on security by obscurity - that concept doesn't even apply here, because we're not describing the defenders of a system under attack. This is ransomware that has already infected the system that you're supposed to be securing. Failing to realize that if you don't publicize the method of bypassing the weakness in the ransomware then you'll be able to save more victims indicates extreme stupidity and ignorance of the basics of the field.
Moreover, "This is a game of cat and mouse" suggests that it's not valuable for more victims to have their files decrypted, which is somewhere between malicious and insane.
throw10920|11 months ago
Moreover, "This is a game of cat and mouse" suggests that it's not valuable for more victims to have their files decrypted, which is somewhere between malicious and insane.
hassleblad23|11 months ago
The immediate parent comment says that if the vulnerability is publicly declared, attackers can easily patch it.
Paraphrasing my response: not publicly declaring the vulnerability is security by obscurity.. which does not work.
Don't attack a strawman.