Security militia sought to brutalize ransomware virus

After discovering a new and improved virus that encrypts important files on infected machines, researchers from Kaspersky are calling on fellow security professionals to lend a hand in cracking the massive key needed to liberate the ensnared data. The call to arms posted Friday comes two days after the antivirus provider …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Kaspersky, why not

    set things up like they do with folding@home? Then you could get the whole world involved. With things set up, millions of computers will be ready each time the key changes.

  2. Anonymous Coward
    Dead Vulture

    seems rather obvious why not

    all the baddies would have to do is 'process' the real key and send in a negative result. Or flood the system with positive results.

    Dead vulture, because the scene is dead.

  3. Dillon Pyron
    Pirate

    It's just so easy to do

    If you have the clear text and the encrypted text, the key shouldn't be too hard to crack. Just use your backups. You do have backups, right? Oh well, I wonder just how much the ransom is.

  4. Daniel B.
    Boffin

    1024-bit RSA?

    Like the one used in, like, most SSL certs? I think I'd be worried if they could actually crack this, as it would basically crack *any* SSL cert.

    Bye bye HTTPS!!!

  5. Bronek Kozicki
    Thumb Up

    @Daniel B

    I think you missed this news from 2002 http://www.networkcomputing.com/buzzcut/020412bc.html , citation "Some cryptographic experts feel that already 1024-bit keys are too weak for certain kinds of sensitive data". That was 6 years ago.

  6. George Jenkins

    Re: Dillon Pyron: Not so easy

    "If you have the clear text and the encrypted text, the key shouldn't be too hard to crack. Just use your backups. You do have backups, right? Oh well, I wonder just how much the ransom is."

    That is explicitly what sort of attack modern day encryption algorithms are designed to withstand.

    Not to mention that the data is probably symmetrically encrypted with a random key, and this is the only data encrypted with RSA.

    The best part is of course, if you have backups, there is no need to get the wallet out. yay.

  7. Stephen

    pay once

    Uh, why not just pay once to get the unencryption utility and extract the keys from that. It seems clear they're using the same two keys so...

  8. Frumious Bandersnatch

    brute-forcing the key is not the solution

    Go after the key-holder

  9. Tom Womack
    Boffin

    What's wrong with sleaze and guile?

    Umm, if it's making up a different private key each time then the fifteen million years of compute work are required once per infected machine, which is clearly absurd; and if not, then all Kaspersky has to do is pay the ransom once then disassemble the code they receive and publish the private key that it contains.

    Breaking a 1024-bit RSA key is not impractical because you need fifteen million years of sieving, it's impractical because there's a stage at the end of the operation which requires a computer with some tens of terabytes of uniformly-accessible memory.

  10. Evil

    Here's how it will go

    (One year of brute force cracking)

    Key cracked!

    (5 minutes later)

    Ransomware using new key!

  11. Solomon Grundy

    DMCA

    Doesn't cracking the encryption fall under the "cannot do's" of the DMCA? Can virus writers sue people for modifying their software?

  12. Anthony Bathgate

    So PAY THE RANSOM

    Aren't these people supposed to be smart? Just pay the ransom and they'll have to hand you the key to decrypt said files. I'm sure the security industry could put together a pool - the price can't be THAT high or the conversion rate would be nil (because the only entities that could afford it would be the ones that make backups)

  13. Anonymous Coward
    Paris Hilton

    @daniel b

    Some botnets already get used for somewhat steam driven distributed processing- it's possible that the biggest computing resource in the world is now a botnet rather than the NSA.

    Still, though, brute forcing a 1024 bit key needs a lot of power, would need a colossal number of cycles on a general-purpose CPU. Better to look for cryptographic attacks based on poor implementation, poor PRNGs, maybe even to use honeypots to get some known plain files to assist the attack. This one is beyond brute force and ignorance, I fear :)

    (Paris because, well, none of the other icons fit, and she's nicer to look at than Bill or Steve)

  14. M. Burns Silver badge
    Alert

    Hey Goodin, when Gpcode first made the rounds two years ago...

    Did anyone track down the crooks? Having antivirus software stop the malware from being installed is great, but catching the bad guys is an even greater deterrent. The biggest weakness in ransom crimes is the bad guy has to get his payment in order to be successful. Even with dead drops, the bad guy does have to expose himself (or a cutout) electronically or in person in order to collect that payment.

  15. Anonymous Coward
    Anonymous Coward

    I thought the NSA did own the Botnets :)

    Simple way to stop this style of cracking is to find these people and hire them.

    Stick them on a military base, ply them with tech treats, pizza, and whatever food gets them going, bring in some hookers from time to time, make sure all drugs were freely available and keep them there building a cyber arsenal.

    If one of them breaks into an unauthorized system shoot 'em.

    Funnily enough this would probably work.

  16. Anonymous Coward
    Black Helicopters

    Go after the plain text

    The first rule of cryptography, go after the plain text. Pay the key, and get a bunch of people to kick the crap out of whoever collects the money.

    Black helicopters because that's the way to deal with this sort of crap.

  17. Anonymous Coward
    Anonymous Coward

    Umm, silly question

    If you pay someone you have at some point a connection to them or the funds won't get where they need to be. Isn't that a nice opportunity to nail the sods?

    No? That's what you get with watching too many US movies, I guess. Get Jason Bourne. NOW!

    :-)

  18. Anonymous Coward
    Anonymous Coward

    hmmm ...

    Store valuable files like documents etc on removable flash drives. So much easier to restore a file than re-create it because some numb-nut is holding a copy on the pc to ransom.

    Or even better, have a pc not connected to the internet or a network for these types of sensitive files.

    Who needs to brute force a decryption key when all you need to use are your brains for a change???

  19. Seán

    Bounty

    A bounty equal to the ransom either for the key or the chaps who wrote this thing. Then you still have to pay, but the money doesn't go to the perpetrators.

  20. John Sanders
    Coat

    Important files

    Ha ha!

    I keep all my collection of (pron) sensitive files in a computer which is offline!

    Mine is the green coat because it's cold outside the internet.

  21. Dodgy Geezer Silver badge
    Black Helicopters

    Yes - do the calculation...!

    "...all the baddies would have to do is 'process' the real key and send in a negative result. Or flood the system with positive results...."

    Actually, the BOINC architecture which handles Folding, and SETI, and all the other calculations already has countermeasures specifically designed to deal with persons uploading dodgy results.

    This IS the biggest computing resource in the world, and if they released a geek calculation like this, I guess it would increase by an order of magnitude. Could be a good way of solving the problem.

    Alternatively, let NSA and GCHQ earn their taxpayers' funding for once.....
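The two tampering scenarios raised in the thread (a volunteer hiding a real hit behind a negative result, or flooding the project with fake hits) can be handled by a result validator. The sketch below is an added example, not part of the thread and not BOINC's code: the function names, the quorum size and the toy modulus are assumptions, and trial division stands in for the real factoring work.

```python
# Constructed toy modulus: two small factors stand in for the real 1024-bit key.
N = 1000003 * 1000033

def search_range(n, lo, hi):
    """Honest work unit: trial-divide n by every candidate in [lo, hi)."""
    for d in range(max(lo, 2), hi):
        if n % d == 0:
            return d
    return None  # nothing found in this range

def verify_positive(n, factor):
    """A claimed hit is checked with one division, so it cannot be faked."""
    return isinstance(factor, int) and 1 < factor < n and n % factor == 0

def validate_unit(n, reports, quorum=2):
    """Decide the outcome of one work unit from untrusted reports.

    reports: list of (volunteer_id, result), where result is a claimed
    factor or None for "nothing in my range".
    Returns ("found", factor), ("empty", None) or ("retry", None).
    """
    # Positive claims are verified directly; bogus ones are simply dropped,
    # so flooding the server with fake hits achieves nothing.
    for _, result in reports:
        if result is not None and verify_positive(n, result):
            return ("found", result)
    # A negative cannot be checked without redoing the work, so the same unit
    # is issued to several volunteers and accepted only when `quorum` distinct
    # volunteers agree. A lone liar is outvoted by any honest replica.
    agreeing = {vid for vid, result in reports if result is None}
    if len(agreeing) >= quorum:
        return ("empty", None)
    return ("retry", None)  # hand the unit out again

if __name__ == "__main__":
    honest = search_range(N, 1000000, 1001000)
    # Constructed reports for the unit that really contains a factor.
    print(validate_unit(N, [("mallory", None), ("alice", honest)]))
    # Constructed flood of fake positives for the same unit.
    print(validate_unit(N, [("m1", 12345), ("m2", 999)]))
```

Replication only lowers the odds of a suppressed hit: if every replica of a unit lands on colluding or sybil accounts, the false negative is accepted, so the server also has to control who receives which copy.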

  22. vincent himpe

    find these guys,

    and then encrypt their DNA with a 1024 bit rsa key. See how they'll like that!

  23. Anonymous Coward
    Anonymous Coward

    @Anthony Bathgate

    > Aren't these people supposed to be smart?

    The virus creates a random key, encrypts your files using the random key, then encrypts the random key itself using the public half of a public-private key pair.

    If you pay the ransom then presumably they will decode your random key for you, such that you can get back only your files and no-one else's. (Of course they might just take the money and run!)

  24. Doug

    If they build houses like 'computers' .. :)

    Of course no need to ask what innovative piece of crapware this virus runs on. If the housing industry operated like the Windows ecosystem, then we would all be knee deep in sewage and all the construction company can do is offer to sell you a bilge pump ..

  25. Anonymous Coward
    Anonymous Coward

    re: DMCA

    I was thinking the same thing. I can't for a moment believe that the law makers at the time were sensible enough to put a clause in for situations such as this.

  26. Anonymous Coward
    Boffin

    Show the key, not the cards

    NSA should crack the key and release a decryption tool, anonymously. They can't reveal their ability to do this, but they can still do something good for the world incognito. And while they're at it, they can put some backdoors in the software to assist warrantless surveillance.

  27. Chris G

    Geeks not morons

    These guys are geeks not morons so paying them is not going to be a question of leaving a sack of money in a waste bin somewhere that you can stake out and then shoot the guy who collects the money from it. There are lots of interesting ways of wiring the money to a place where it will be accessible to baddies without having to provide a physical presence and numbered accounts are not only available in Switzerland or the Caymans either. Cracking it is the only answer. Then track em down and shoot them before they do it again.

  28. Patrick O'Reilly

    Boinc!

    Why not use the distributed computing power similar to SETI@Home?

  29. Eddie
    Joke

    CJA?

    I wonder if the plods would accept that this virus encrypted your files, and as such, there's no way you can give them the necessary decryption key?

    Now, when you've all finished laughing...

  30. Ken Hagan Gold badge

    Re: brute-forcing the key is not the solution

    "Go after the key-holder"

    Absolutely. Don't these people know *anything* about cryptanalysis? (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)

  31. Ian

    @ Doug

    What has this got to do with Windows? There's no technical reason why MacOS X and Linux aren't equally as vulnerable to such an attack.

  32. Shakje

    @Doug

    If they built houses like Macs, they'd cost 4 times as much, look really fancy, but it would have special sockets so that you can only use a certain type of appliance, and if something breaks you have to get approved plumbers or electricians who charge 4 times as much for their service. It's got voice activated lights and you can operate the TV just by thinking about it, but if you actually want to watch TV you can only watch ITV3.

    If they built houses like Linux you'd get fifty locks on the door, but the interior would be a single room, decorated with brown paper. You can do everything you need, except watch telly, because the voltage is wrong on the sockets for your make of TV.

  33. Gerrit Tijhof
    Linux

    Stop storing your files in /Documents and Settings

    Less vulnerable OS's might be an alternative too.

  34. James Butler
    Linux

    @Ian & Shakje

    Permissions. All OS are not alike in this respect, and it's the single element that makes Windows so much more vulnerable than any other OS. While, technically, there is no reason why a Posix system could not get infected with Posix malware, the infection would not be anywhere near as robust nor would it be easily able to spread itself around if it were to find its way into a Posix system. Windows has nothing in these regards, unfortunately.

    And Shakje, you owe it to yourself to check out any of the latest releases from any of the major Linux distributors ... Ubuntu 8.04 is awesome and Fedora 9 is spectacular ... You can only bash Linux for so long before you start to look like a luddite. A more appropriate simile might be:

    "If they built houses like Linux, the single lock on the door would open into a different house for each key holder, each of whom would have no idea that there was anyone else living there. As they entered, their music would begin, their cocktail(s) would arrive, perfectly mixed, and they could look forward to an evening of relaxing engagements that they, themselves, define, rather than being forced to address a stack of chores that the house came up with while they were away."

  35. C. B. Legier
    Linux

    If it wasn't Windows, it would be...

    If any other distribution of an OS other than Windows was the most widely used in the world, it would be the most widely vulnerable, too.

    I feed the penguin because he is good to me.

  36. Nick Pettefar

    Do Any Of You -

    Have a feeling that anybody actually paying these scum money would result in them getting anything useful in return? Honestly? Really?

    (This was written on a Mac/BSD Unix workstation.)

  37. Jeff
    Thumb Down

    More Excuses ...let's help ....NOT

    just another excuse to use others to develop a way to crack

    PKI used in many areas .....let's all help them .......NOT
