Using Distributed Computing To Thwart Ransomware

I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."

That all depends ...

[El Cubano]

Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.

That depends on whether you think it is acceptable to compel someone to reveal something like that. If, as for example in the US, someone cannot be forced to incriminate himself, then he can just refuse and there is no further recourse. That is, if the only way of getting information out of someone is to ask them nicely for it.

Tag: Goodluckwiththat

[Opportunist]

The people who did that sit in a country ending in -stan. Countries ending in -stan have real problems and don't care for problems their citizens cause abroad.

You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.

15 million CPU years

[robo_mojo]

15 million CPU years per key? And the attacker can just make up new keys as often as he likes. He could even make a different key for each target if he wanted.

15 million CPU years is a lot to spend when you could just restore from backups.

Got to be a link to the extortionist

[uab21]

The screenshot at http://news.cnet.com/8301-10784_3-9965381-7.html?tag=nefd.top [cnet.com] says that the victim pays to download a 'decryptor'. Either the decryptor contacts, in real time, the extortionist (at a server location that can be linked to them), or the private key is included in the decryptor program, and should be able to be sussed out...

How does this malware propogate?

[Savior_on_a_Stick]

Is it targeted manually, or is it a specifically directed attack? If it's out in the wild being spread [cough] virally, rather than being inserted into specific targets, then what happens when a mobster's double book accounting system gets infected. Some people have mentioned ruthless CEO's - but if this infected the wrong system, these folks could have someone after them with no restraint, deep pockets, and the resources and experience to root them out. Do I smell a TV movie in the offing?

Other way around

[DrYak]

Back in my youth, I never made regular backups.
Then I got a virus.
Since then, I make regular backups.

Back in my childhood I did regular backups of my family's computer.
Then we got a virus.
Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.

Sometimes you have parents that are both computer geeks, and they teach you the important of offline backups. Never the less, shit happens anyway.

Re:I've got a better idea

[SatanicPuppy]

If we had a backup, wouldn't it be possible to break the encryption using the backed-up data as a crib? Why force the key directly when you know what is in a large chunk of the cyphertext?

Slightly offtopic... origins of the IP address

[New_Age_Reform_Act]

The article mentioned that despite the IP addresses of the email are from China, the fact is the people behind the GPcode campaign are Russian. That makes me wonder that how many computers in China has been turned into Russian zombies. That may well explain the reason why most attacks against U.S. Government networks are originated in China.

RC4 is easier...

[Panaflex]

Why waste time factoring RSA?? The RSA simply wraps an RC4 key.

RC4 brute force is far easier. There are several known problems with RC4 which may possibly work to our advantage in cracking the data as well..

Re:I've got a better idea

[DaedalusHKX]

I think the bankers, the priests and the politicians have already figured out how to turn stupidity into free energy. Witness, for example, the boundlessly stupid as they sign up to fight politicians wars, religionists jihads, to man priests' inquisitions or run on the endless, profitless treadmill of the serf/employee rat race, and witness this set of examples through history. From tithes, to taxes, to "donations" to traffic tickets and drug enforcement, the boundlessly stupid have always eagerly jumped onto the bandwagon of the strong willed and obeyed without a single qualm, always finding quite creative and intelligent ways to justify what it was they were doing... usually via such imaginative excuses such as "just doing my job" or "its the law" or "the priests told me God said it, therefore it must be true" or perhaps "if the nice man on Tee Vee said it, how dare you question it?"

Man's stupidity is already being harnessed... we're just too caught up in the minutia to notice it.

Re:1024 bits is big

[evanbd]

That would solve it in only 2^511 operations. In actuality, factoring of large numbers is far more efficient than that. The techniques are complex, but they're quite good. That's why a 1024 bit RSA key is considered somewhat small (2048 or 4096 are the norm) but for symmetric key ciphers (where you do have to try all 2^n possible keys) use key sizes of 256 bits or less.

Re:Let me get this straight

[burris]

Actually, RSA is vulnerable to chosen plaintext. That is one of the reasons why a signature system encrypts the hash of the document instead of the document itself.

In this case it is a randomly generated symmetric key that is encrypted so known plaintext won't help. I wonder if the white hats have looked closely at the key generation code. There is a good chance that there isn't much entropy in the keys and the keyspace can be narrowed down enough to make guessing the symmetric key feasible.

Re:How does this malware propogate?

[jonwil]

It may sound bad but I actually WANT something like this to be created such that it will spread with the full force of Code Red, Nimda, Blaster, Storm and other massive attacks. 1000s of people and organizations worldwide (some of whom are important and/or have lost important data) would be hit and the world might actually start giving a stuff about computer security.

Re:RC4 is easier...

[burris]

Much more promising is the possibility of a lack of entropy in the key selection process. Without a lot of entropy and a good RNG, the size of the probable keyspace may be reduced dramatically. Enough that searching all probable keys may quite feasible, even trivial.

Re:No trust, ergo, no reason to decrypt

[Terrasque]

it would be less work to give them a correct decryptor, than one that intentionally alters selective parts of a file. Correct decrypting will also give other people a reason to pay the ransom.

So all in all, I think I can trust them to not intentionally do something like that, since that is in both parties' interest.

Re:Seems rather futile..

[ArsonSmith]

So what exactly does a static strap do that just placing your hand on the frame not do? 20 years working with electronics and I've never seen a confirmed static destroyed equipment outside of manufacturing. A few anecdotes like yours, yes, but I've even tested by trying to destroy circuit boards with static. It is something that is extremely important in manufacturing prior to everything being mounted and grounded, not so much afterward.

Re:Data recovery

[sempernoctis]

The encrypted version most likely overwrote the plaintext version in-place, but I suppose it is possible there are plaintext fragments still floating about...according to what I've heard about forensics, you might have a chance if you take your hard drive platters out and borrow the nearest electron microscope to examine them :)

Re:It is a good devlopment, Don't help them

[zullnero]

You seem to forget that Windows isn't cheap at all. Have you ever purchased a site license?

The real people against the wall are lazy Windows admins, or companies that understaff their IT department (or hire idiots with little formal education or experience on the dime). No one will ever take out insurance against this stuff, and if someone tries to sell it, they may well be the scum behind the ransomware to begin with. What companies will do is force all their IT people to get MS certs, because managers and execs do exactly what Microsoft tells them to do. Microsoft tells you to pay ungodly amounts for certifications, that's what they do.

Re:Seems rather futile..

[SanityInAnarchy]

Reminds me of a story. It's a classic inspirational story, of a storm that washes up a bunch of starfish -- or maybe they're seahorses, or jellyfish, depending on who's telling the story. So there's all these starfish dying on the beach... A kid is walking along the beach, picking them up, one by one, and tossing them back into the ocean. A man watches him do this, and after awhile, walks up and says "You know you're not going to make a difference, right?"

The kid picks up another starfish, tosses it into the ocean... "I just did to that one."

Yes, it'd very quickly become pointless in that next time, they'd use a 2048-bit or 4096-bit key, and they'd change it more often. But for the people who've lost data to this thing already, it's never futile if this can get it back.