Ransomware keybreaking

Published: 2008-06-10
Last Updated: 2008-06-10 21:16:23 UTC
by Swa Frantzen (Version: 3)
1 comment(s)

Some interesting bits about some new "ransomware". It's malware that encrypts the victim's data and asks to be sent money for the decrypting software. As such there is nothing spectacularly new were it not that it seems the attacker seems to have properly used cryptography to get it done: RC4 for the bulk of the work and then a 1024 bit RSA key public key to hide the RC4 key.

Well so far it looks like the malware author upped the ante and made it harder for the AV world to beat him. Especially since the largest RSA key ever to be publicly broken only weighs in at 663 bit length, not 1024 (which makes a huge difference!).

Kaspersky launched a project to ask for help in breaking the key. This would take about a year with millions of computers, so it's not something trivial to take on.

But there are a few problems here beyond the cryptographic challenge.

First, how do we know the attacker won't change the key before we're done. After all, it'll take him merely minutes to swap the key in a new strain of his malware and we're set for another year ? This isn't a race we're going to win.

It gets worse when reading Eran Tromer's writing over at MIT:

How do we know this public key (or his next key, or the one after that), is a key the attacker actually has the matching private key for? How do we know for sure this key doesn't belong to somebody else and by giving out the private key to thwart the apparent attacker we're actually helping him in his real attack against somebody else. This could be settled by letting -through the right trickery- proof the attacker that he actually has the key.

But suppose we don't get the proof, how do we know it's not even far worse and that this public key belong to some infrastructure we rely on to keep things safe ? Imagine the key belonging to a CA used to sign SSL certificates ... we'd be causing a whole lot of damage by making such a secret key known. Imagine the key belonging to a bank's https site, it would become vulnerable to a MitM attack without the customers getting so much as to have to click next on their attempts to connect (yeah, why browsers even allow you to do that, but that's another story).

I'd propose old fashioned police work instead: follow the money, seize the private key (if he has it) and throw the criminal(s) in jail for a very long time.

Some links:

UPDATE: Chris wrote in to remind us that backups are a great way to recover files.

  • You do make backups?
  • You do keep them around for long enough?
  • You keep them off-line?
  • You do test the restore every so often?

More on backups from our awareness tips by Mike Poor.

UPDATE: A reader pointed us to a zdnet blog that seems to report on contacting the bad guys behind the attack. For those considering this: be extremely careful doing this. not just not to encourage them in continuing, but far worse for your own safety.

Swa Frantzen --- Gorilla Security

1 comment(s)


Add to the list of questionable assumptions: How do you know that paying the attacker will stop the attacks? (Harden and restore, it's the only way.)

Diary Archives