Using Distributed Computing To Thwart Ransomware
I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."
That all depends ... (Score:2, Interesting)
Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.
That depends on whether you think it is acceptable to compel someone to reveal something like that. If, as for example in the US, someone cannot be forced to incriminate himself, then he can just refuse and there is no further recourse. That is, if the only way of getting information out of someone is to ask them nicely for it.
Tag: Goodluckwiththat (Score:5, Interesting)
You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.
15 million CPU years (Score:4, Interesting)
15 million CPU years is a lot to spend when you could just restore from backups.
Got to be a link to the extortionist (Score:4, Interesting)
How does this malware propagate? (Score:2, Interesting)
Other way around (Score:5, Interesting)
Then I got a virus.
Since then, I make regular backups.
Then we got a virus.
Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.
Sometimes you have parents that are both computer geeks, and they teach you the importance of offline backups. Nevertheless, shit happens anyway.
Re:I've got a better idea (Score:4, Interesting)
Slightly offtopic... origins of the IP address (Score:2, Interesting)
RC4 is easier... (Score:3, Interesting)
RC4 brute force is far easier. There are several known problems with RC4 which may possibly work to our advantage in cracking the data as well.
Re:I've got a better idea (Score:3, Interesting)
Man's stupidity is already being harnessed... we're just too caught up in the minutia to notice it.
Re:1024 bits is big (Score:3, Interesting)
Re:Let me get this straight (Score:3, Interesting)
In this case it is a randomly generated symmetric key that is encrypted so known plaintext won't help. I wonder if the white hats have looked closely at the key generation code. There is a good chance that there isn't much entropy in the keys and the keyspace can be narrowed down enough to make guessing the symmetric key feasible.
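The point in the comment above about low-entropy key generation, as an added example that is not part of the original thread and is not GPcode's actual code. It assumes a hypothetical generator (`weak_keygen`) that seeds a PRNG from a one-second clock, uses RC4 because the thread mentions it, and uses a constructed PDF file with a known header to confirm each guess; under those assumptions the "128-bit" key has only as many possible values as there are seconds in the search window.

```python
import random

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def weak_keygen(timestamp: int) -> bytes:
    """Hypothetical flawed generator: 16-byte key, but all entropy comes from the seed."""
    rng = random.Random(timestamp)
    return bytes(rng.randrange(256) for _ in range(16))

def recover_key(ciphertext: bytes, magic: bytes, mtime: int, window: int = 3600):
    """Walk back from the file's modification time, one candidate seed per second."""
    for ts in range(mtime, mtime - window - 1, -1):
        key = weak_keygen(ts)
        # Only the header is decrypted per guess; a match on the magic bytes confirms the key.
        if rc4(key, ciphertext[:len(magic)]) == magic:
            return ts, key
    return None

# Constructed sample data (not from any real incident).
SAMPLE_PLAINTEXT = b"%PDF-1.4 constructed sample document body"
ENCRYPTED_AT = 1213000000            # constructed key-generation time
SAMPLE_MTIME = ENCRYPTED_AT + 42     # file written 42 seconds later
SAMPLE_CIPHERTEXT = rc4(weak_keygen(ENCRYPTED_AT), SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    hit = recover_key(SAMPLE_CIPHERTEXT, b"%PDF-", SAMPLE_MTIME)
    if hit is None:
        print("no seed in window; the generator is not clock-seeded as assumed")
    else:
        ts, key = hit
        print("seed:", ts, "key:", key.hex())
        print(rc4(key, SAMPLE_CIPHERTEXT).decode())
```
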
Re:How does this malware propagate? (Score:3, Interesting)
Re:RC4 is easier... (Score:3, Interesting)
Re:No trust, ergo, no reason to decrypt (Score:2, Interesting)
So all in all, I think I can trust them to not intentionally do something like that, since that is in both parties' interest.
Re:Seems rather futile.. (Score:3, Interesting)
Re:Data recovery (Score:2, Interesting)
Re:It is a good development, Don't help them (Score:3, Interesting)
The real people against the wall are lazy Windows admins, or companies that understaff their IT department (or hire idiots with little formal education or experience on the dime). No one will ever take out insurance against this stuff, and if someone tries to sell it, they may well be the scum behind the ransomware to begin with. What companies will do is force all their IT people to get MS certs, because managers and execs do exactly what Microsoft tells them to do. Microsoft tells you to pay ungodly amounts for certifications, that's what they do.
Re:Seems rather futile.. (Score:3, Interesting)
The kid picks up another starfish, tosses it into the ocean... "I just did to that one."
Yes, it'd very quickly become pointless in that next time, they'd use a 2048-bit or 4096-bit key, and they'd change it more often. But for the people who've lost data to this thing already, it's never futile if this can get it back.