To all malware researchers, if you analyze a malware sample and find a flaw in the program that is going to help victims recover their files, please shut the hell up. Yes, I get it. You want the publicity and you want the page impressions, but in reality all of the press and publicity are simply hurting the people you are trying to protect. Instead, you could have easily gotten the attention you wanted by releasing a decryption program or helping people behind the scenes until the malware developer figured out what was wrong by themselves. By publicly releasing the information and giving tips on how the malware developer should properly code their ransomware, you are guaranteeing that they will fix their coding flaws and release a more dangerous program.
This has obviously been shown with TorrentLocker where three researchers recently disclosed in a blog post the flaws in the TorrentLocker encryption method. In fact they went so far as to actually give tips on how to make the encryption more secure. What happened after this blog post? The devs put out a new variant that uses a stronger encryption method and makes it so we can't help people recover their files for free. This same issue also happened with the CryptoDefense ransomware. Fabian Wosar, a security researcher of Emsisoft, had discovered a flaw in the ransomware where the private encryption keys were being left behind on the victim's computers. He was then privately helping CryptoDefense victims through email at his company and via private messages on various forums, including BleepingComputer.com. That was until Symantec decided to blog about this flaw and thus alerted the malware developer of his mistake. What happened next? A new variant of CryptoDefense was released with the flaw fixed.
In summary, if you are a security researcher and discover a flaw that may help people recover their items for free; please do not immediately disclose the details. Instead try to help people as long as you can with a decryption tool and only disclose when the authors figures out the flaw themselves. By disclosing the information too soon, you are benefiting yourself at the expense of the victims.