Using Distributed Computing To Thwart Ransomware
I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
There is a LITTLE magic involved. (Score:4, Informative)
For the Registry, you can "export" the entries for that app to a file and, later, you can import that file into the Registry.
The problem with the Registry is the same as you've noted with the file system. Stuff gets put EVERYWHERE. And there is no way to KNOW that you have EVERYTHING until AFTER you attempt to restore it. AND that doesn't include anything "updated" when you get a patch or point-zero-one release "upgrade".
Now, the installer can put that stuff everywhere
And I don't want to hear that that is to prevent "piracy". Just encrypt the stuff with the unlocking key or whatever. That way I can keep a TEXT file of app-name -- key code on my USB drive along with the backups.
Re:Other way around (Score:2, Informative)
Then we got a virus.
Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.
Re:Seems rather futile.. (Score:5, Informative)
As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start?
It works like this:
1. Virus generates a random encryption key and encrypts your data with it. Let's call this K.
2. Virus encrypts the random key with an RSA public key and instructs you to email that, R(K), and your money, to the ransomers.
3. The ransomers use their RSA private key to decrypt the encrypted random encryption key, R(K), into K.
4. You use the random encryption key they sold back to you, K, to rescue your data.
Someone else's decryption key, K', is not useful to you because your data was encrypted with a different random key K. You have an RSA-encrypted copy of your own random key, R(K), because that's what the ransomers need you to send them so they can sell you the decryption key K. We're trying to crack the RSA private key so we can generate K from R(K) without having to pay them money, i.e. sidestep step 3.
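The four steps above, as an added worked example that is not from the original thread, from Kaspersky, or from the GPcode virus itself. It uses a toy RSA modulus built from two six-digit primes and a SHA-256 keystream as the symmetric cipher for K, so that the whole exchange runs offline with the Python standard library; the primes, the sample file contents and the cipher choice are assumptions made for illustration. Because the modulus is tiny, the example can also do what the summary describes for the real 1024-bit key: factor n, rebuild the private key, and unwrap R(K) without step 3. Against a real 1024-bit modulus the trial-division routine would never finish; that is the whole point of the distributed effort.

```python
import hashlib
import secrets
from math import gcd, isqrt

# --- toy RSA: small primes so factoring is feasible in this demo only ---
# Assumed illustrative primes; a real ransom key uses ~512-bit primes.
P_TOY, Q_TOY = 1000003, 1000033


def rsa_keygen(p=P_TOY, q=Q_TOY, e=65537):
    """Return (public, private) as (n, e) and (n, d). Textbook RSA, no padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    return (n, e), (n, pow(e, -1, phi))


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must fit in one RSA block"
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


# --- toy symmetric cipher: SHA-256 in counter mode, XORed over the data ---
def keystream_xor(key: bytes, data: bytes) -> bytes:
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _key_bytes(n, k_int):
    return k_int.to_bytes((n.bit_length() + 7) // 8, "big")


def ransom_encrypt(pub, plaintext: bytes):
    """Steps 1 and 2: random K encrypts the data; R(K) = RSA_pub(K) is left for the victim."""
    n, _ = pub
    k_int = secrets.randbelow(n - 2) + 1          # 1 <= K < n, one RSA block
    K = _key_bytes(n, k_int)
    return keystream_xor(K, plaintext), rsa_encrypt(pub, k_int)


def ransomer_unwrap(priv, R_K):
    """Step 3: whoever holds the private key turns R(K) back into K."""
    n, _ = priv
    return _key_bytes(n, rsa_decrypt(priv, R_K))


def victim_recover(K: bytes, ciphertext: bytes) -> bytes:
    """Step 4: decrypt the files with the K that was sold back (or recovered)."""
    return keystream_xor(K, ciphertext)


def factor_modulus(n):
    """Trial division: fine for a 40-bit toy n, hopeless for a 1024-bit one."""
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")


def recover_private_key(pub):
    """The Kaspersky approach in miniature: factor n, then d = e^-1 mod phi(n)."""
    n, e = pub
    p, q = factor_modulus(n)
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    files = b"constructed sample: quarterly report, family photos index"
    ct, R_K = ransom_encrypt(pub, files)
    # Paying route: ransomers unwrap R(K) with their private key.
    print(victim_recover(ransomer_unwrap(priv, R_K), ct) == files)
    # Sidestep route: factor n, rebuild d, unwrap R(K) ourselves.
    print(victim_recover(ransomer_unwrap(recover_private_key(pub), R_K), ct) == files)
```

Note what the example makes concrete about the thread's objection: another victim's K' is useless because each infection draws a fresh random K, but every victim's R(K) is wrapped under the same public key, so one factored modulus unwraps all of them.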