Security

Using Distributed Computing To Thwart Ransomware 361

I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
This discussion has been archived. No new comments can be posted.

  • by oldspewey ( 1303305 ) on Wednesday June 11, 2008 @11:16AM (#23748213)
    As has been pointed out in the past - the people who are most likely to become infected with a ransomware virus are exactly the same people who are least likely to have backups available.
  • by steveb3210 ( 962811 ) * on Wednesday June 11, 2008 @11:19AM (#23748281)
    The explanation I found on the site isn't quite this simple. The data is encrypted with a randomly-generated symmetric key that is protected with RSA. You send the bad guys the file with the key in it, they decrypt it and write a program to decrypt everything.
  • Re:1024 bits is big (Score:3, Informative)

    by Daimanta ( 1140543 ) on Wednesday June 11, 2008 @11:22AM (#23748315) Journal
    But you don't have to check them all. You can start at the root of the number and go down, skipping even numbers and then some.
  • by Anonymous Coward on Wednesday June 11, 2008 @11:39AM (#23748603)
    If this is the least bit surprising to you, all I can say is that you are not very up to date with cryptography. Security against a so-called "known plaintext attack" is an absolutely stock standard criterion for ciphers these days. For the last few decades no serious cipher has been substantially weaker against known plaintexts than against random plaintexts.
  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Wednesday June 11, 2008 @11:41AM (#23748641)

    Do I just not know some Windows Admin secret magic, or is it true that I really can't back up my applications.
    There is a little magic that you can try, but you are pretty much correct. You cannot EASILY backup your Windows apps.

    For the Registry, you can "export" the entries for that app to a file and, later, you can import that file into the Registry.

    The problem with the Registry is the same as you've noted with the file system. Stuff gets put EVERYWHERE. And there is no way to KNOW that you have EVERYTHING until AFTER you attempt to restore it. AND that doesn't include anything "updated" when you get a patch or point-zero-one release "upgrade".

    Now, the installer can put that stuff everywhere ... and in theory it can remove that stuff when you un-install it ... but it cannot COPY that stuff to a backup directory/device?

    And I don't want to hear that that is to prevent "piracy". Just encrypt the stuff with the unlocking key or whatever. That way I can keep a TEXT file of app-name -- key code on my USB drive along with the backups.
  • Re:Other way around (Score:2, Informative)

    by Anonymous Coward on Wednesday June 11, 2008 @11:49AM (#23748809)

    Back in my childhood I did regular backups of my family's computer.
    Then we got a virus.
    Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.
    So you wind back the system clock pre-bomb and restore any of your backups, even the most recent, then copy the data off. Or you restore your backups and then delete the infected files before you try and execute them. What's the problem?
  • by evanbd ( 210358 ) on Wednesday June 11, 2008 @11:57AM (#23748969)
    Known plaintext attacks are a mainstay of cryptanalysis. They tend to be more powerful than other attacks, but they still don't help much. Factoring is the best known technique for RSA, even given known plaintext or chosen plaintext.
  • by Anonymous Conrad ( 600139 ) on Wednesday June 11, 2008 @12:09PM (#23749197)

    I'll assume someone paid the ransom at least once. So what key did they use to decrypt? Do us a favor and post it.

    As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start?
    ... huh?

    It works like this:

    1. Virus generates a random encryption key and encrypts your data with it. Let's call this K.
    2. Virus encrypts the random key with a RSA public key and instructs you to email that, R(K), and your money, to the ransomers.
    3. The ransomers use their RSA private key to decrypt the encrypted random encryption key, R(K), into K.
    4. You use the random encryption key they sold back to you, K, to rescue your data.

    Someone else's decryption key, K', is not useful to you because your data was encrypted with a different random key K. You have an RSA-encrypted copy of your own random key, R(K), because that's what the ransomers need you to send them so they can sell you the decryption key K. We're trying to crack the RSA private key so we can generate K from R(K) without having to pay them money, i.e. sidestep step 3.
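The key-wrapping scheme in the comment above, and the "start at the root and go down" factoring idea from the earlier comment, as an added example that is not part of any post in this thread. It uses textbook RSA over two constructed toy primes; the function names and constants are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy parameters: small primes stand in for a 1024-bit modulus.
P, Q = 10007, 1000033
N = P * Q          # public modulus
E = 65537          # public exponent

def new_session_key() -> int:
    """Step 1: a fresh random key K per victim (modelled as an integer < N)."""
    return secrets.randbelow(N - 2) + 2

def wrap_key(k: int) -> int:
    """Step 2: R(K), the session key under the RSA public key (no padding, toy only)."""
    return pow(k, E, N)

def factor_from_root(n: int):
    """Trial division from floor(sqrt(n)) downwards, odd candidates only."""
    c = math.isqrt(n)
    if c % 2 == 0:
        c -= 1
    while c > 1:
        if n % c == 0:
            return c, n // c
        c -= 2
    raise ValueError("no odd factor found")

def recover_key(wrapped: int, n: int, e: int) -> int:
    """Sidestep step 3: factor n, rebuild the private exponent, unwrap K."""
    p, q = factor_from_root(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(wrapped, d, n)

def odd_candidates(bits: int) -> int:
    """Odd numbers below sqrt(2**bits): the size of the trial-division search."""
    return 2 ** (bits // 2 - 1)

if __name__ == "__main__":
    k_a, k_b = new_session_key(), new_session_key()
    print("victim A recovers own K:", recover_key(wrap_key(k_a), N, E) == k_a)
    print("victim B's key K' differs:", k_a != k_b)
    print("toy modulus candidates:", math.isqrt(N) // 2)
    print("1024-bit candidates: 2**%d" % (odd_candidates(1024).bit_length() - 1))
```

The toy modulus falls after about 45,000 divisions; the same walk over a 1024-bit modulus covers 2**511 odd candidates, which is why the effort described in the story relies on distributed factoring rather than trial division.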
  • Re:Talking (Score:1, Informative)

    by Anonymous Coward on Wednesday June 11, 2008 @12:30PM (#23749647)
    Yes, because obviously american constitution applies everywhere in the world.
  • by CodeBuster ( 516420 ) on Wednesday June 11, 2008 @12:37PM (#23749781)

    You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.
    Nothing came of it because you did not sweeten the pot for local law enforcement, politicians, and judges with large bribes. If one wants justice or even just to get something done in a -stan country then one has to grease the wheels of the local economy, or in other words it's pay (more than your opponent) to play. This is how much of the world outside of the United States, Britain, and Western Europe functions; it is practically impossible to get things done or at least done quickly if bribes are not involved.
  • by DamnStupidElf ( 649844 ) <Fingolfin@linuxmail.org> on Wednesday June 11, 2008 @12:52PM (#23750063)
    Even further, you *don't* have the known plaintext to break RSA because it's a random symmetric key encrypted with RSA that is used to encrypt the files by the virus. Every modern cipher since DES has been highly resistant to known plaintext attacks. That's a basic requirement for a cipher to be considered non-broken.
  • by sglewis100 ( 916818 ) on Wednesday June 11, 2008 @01:09PM (#23750419)
    Free? Why free? Anyway, if you drop the free requirement, they already addressed both your needs. You can use any external hard drive, but for those who are just Joe Average users who walk into an Apple Store and say "I want to use that Time Machine thing" they can buy a Time Capsule, which combines an 802.11n router with a 500GB or 1TB hard drive that's set up to back up all Macs in the home. As far as online components go, there's always .Mac-soon-to-be-MobileMe which provides 10GB (now) and 20GB (soon) of space for documents, email, web, etc. They also Sync Services to back up contacts, calendars, etc and synchronize them to all Macs. You can use their free-for-subscribers Backup application to automate backups to their online file storage solution (iDisk). I wouldn't imagine you should expect any of this to be free from them anytime soon though. By the way, if I recall, the first time you pop in an external drive, I believe Time Machine pops up a window and automatically asks you if you'd like to start using it for the backups. Couldn't get any easier.
