Kaspersky, why not
set things up like they do with folding@home? Then you could get the whole world involved. With things set up, millions of computers will be ready each time the key changes.
After discovering a new and improved virus that encrypts important files on infected machines, researchers from Kaspersky are calling on fellow security professionals to lend a hand in cracking the massive key needed to liberate the ensnared data. The call to arms posted Friday comes two days after the antivirus provider …
"If you have the clear text and the encrypted text, the key shouldn't be too hard to crack. Just use your backups. You do have backups, right? Oh well, I wonder just how much the ransom is."
That is explicitly what sort of attack modern day encryption algorithms are designed to withstand.
Not to mention that the data is probably symmetrically encrypted with a random key, and this is the only data encrypted with RSA.
The best part is of course, if you have backups, there is no need to get the wallet out. yay.
Umm, if it's making up a different private key each time then the fifteen million years of compute work are required once per infected machine, which is clearly absurd; and if not, then all Kaspersky has to do is pay the ransom once then disassemble the code they receive and publish the private key that it contains.
Breaking a 1024-bit RSA key is not impractical because you need fifteen million years of sieving, it's impractical because there's a stage at the end of the operation which requires a computer with some tens of terabytes of uniformly-accessible memory.
Aren't these people supposed to be smart? Just pay the ransom and they'll have to hand you the key to decrypt said files. I'm sure the security industry could put together a pool - the price can't be THAT high or the conversion rate would be nil (because the only entities that could afford it would be the ones that make backups)
Some botnets already get used for somewhat steam driven distributed processing- it's possible that the biggest computing resource in the world is now a botnet rather than the NSA.
Still, though, brute forcing a 1024 bit key needs a lot of power, would need a colossal number of cycles on a general-purpose CPU. Better to look for cryptographic attacks based on poor implementation, poor PRNGs, maybe even to use honeypots to get some known plain files to assist the attack. This one is beyond brute force and ignorance, I fear :)
(Paris because, well, none of the other icons fit, and she's nicer to look at than Bill or Steve)
Did anyone track down the crooks? Having antivirus software stop the malware from being installed is great, but catching the bad guys is an even greater deterrent. The biggest weakness in ransom crimes is the bad guy has to get his payment in order to be successful. Even with dead drops, the bad guy does have to expose himself (or a cutout) electronically or in person in order to collect that payment.
Simple way to stop this style of cracking is to find these people and hire them.
Stick them on a military base, ply them with tech treats, pizza, and whatever food gets them going, bring in some hookers from time to time, make sure all drugs were freely available and keep them there building a cyber arsenal.
If one of them breaks into an unauthorized system shoot 'em.
Funnily enough this would probably work.
Store valuable files like documents etc on removable flash drives. So much easier to restore a file than re-create it because some numb-nut is holding a copy on the pc to ransom.
Or even better, have a pc not connected to the internet or a network for these type of sensitive files.
Who needs to brute force a decryption key when all you need to use are your brains for a change???
"...all the baddies would have to do is 'process' the real key and send in a negative result. Or flood the system with positive results...."
Actually, the BOINC architecture which handles Folding, and SETI, and all the other calculations already has countermeasures specifically designed to deal with persons uploading dodgy results.
This IS the biggest computing resource in the world, and if they released a geek calculation like this, I guess it would increase by an order of magnitude. Could be a good way of solving the problem.
Alternatively, let NSA and GCHQ earn their taxpayers funding for once.....
> Aren't these people supposed to be smart?
The virus creates a random key, encrypts your files using the random key, then encrypts the random key itself using the public half of a public-private key pair.
If you pay the ransom then presumably they will decode your random key for you, such that you can get back only your files and no-one else's. (Of course they might just take the money and run!)
Of course no need to ask what innovative piece of crapware this virus runs on. If the housing industry operated like the Windows ecosystem, then we would all be knee deep in sewage and all the construction company can do is offer to sell you a bilge pump ..
NSA should crack the key and release a decryption tool, anonymously. They can't reveal their ability to do this, but they can still do something good for the world incognito. And while they're at it, they can put some backdoors in the software to assist warrantless surveillance.
These guys are geeks not morons so paying them is not going to be a question of leaving a sack of money in a waste bin somewhere that you can stake out and then shoot the guy who collects the money from it. There are lots of interesting ways of wiring the money to a place where it will be accessible to baddies without having to provide a physical presence and numbered accounts are not only available in Switzerland or the Caymans either. Cracking it is the only answer. Then track em down and shoot them before they do it again.
If they built houses like Macs, they'd cost 4 times as much, look really fancy, but it would have special sockets so that you can only use a certain type of appliance, and if something breaks you have to get approved plumbers or electricians who charge 4 times as much for their service. It's got voice activated lights and you can operate the TV just by thinking about it, but if you actually want to watch TV you can only watch ITV3.
If they built houses like Linux you'd get fifty locks on the door, but he interior would be a single room, decorated with brown paper. You can do everything you need, except watch telly, because the voltage is wrong on the sockets for your make of TV.
Permissions. All OS are not alike in this respect, and it's the single element that makes Windows so much more vulnerable than any other OS. While, technically, there is no reason why a Posix system could not get infected with Posix malware, the infection would not be anywhere near as robust nor would it be easily able to spread itself around if it were to find its way into a Posix system. Windows has nothing in these regards, unfortunately.
And Shakje, you owe it to yourself to check out any of the latest releases from any of the major Linux distributors ... Ubuntu 8.04 is awesome and Fedora 9 is spectacular ... You can only bash Linux for so long before you start to look like a luddite. A more appropriate simile might be:
"If they built houses like Linux, the single lock on the door would open into a different house for each key holder, each of whom would have no idea that there was anyone else living there. As they entered, their music would begin, their cocktail(s) would arrive, perfectly mixed, and they could look forward to an evening of relaxing engagements that they, themselves, define, rather that being forced to address a stack of chores that the house came up with while they were away."