While that’s true, but there’s no indication of Microsoft brute forcing with million of combinations.

The article you link says Microsoft is only trying a few obvious passwords: the filename, and words found in the plaintext message.

Proper encryption isn’t just about using a strong algorithm. It’s also about proper key management, ie not sending the password in the clear via the same channel as the encrypted files.

Better late than never.

ZIP isn’t a good way to encrypt, but what Microsoft is doing is simply reading the email, and decrypting zips with the password found in the email body.

All encryptions schemes can be trivially broken if you have the key. It’s not even breaking, it’s just normal decryption.

Once the war in Ukraine is over, weaponized drones won’t just vanish. They’re already made by companies with different level of ethics and any country able to pay is or will be able to buy them. Sooner or later, like many weapons, organised crime will get their hands on them, and use them outside of battlefield.

There’s no way to completely prevent it, but we could at least limit damage by regulating the removed out of drones.