Why is so much ransomware breakable?
The site: https://www.nomoreransom.org/ offers many decrypter tools for ransomware.
But why?
It shouldn't be so hard to use the Windows Crypto API (e.g. just google "create AES Key in Windows") to create AES keys, encrypt them with a locally generated public RSA key and encrypt the corresponding private RSA key with a public RSA key that the attacker controls. (The method of WannaCry.)
If the victim pays the ransom, they have to send the encrypted private RSA key to the attackers, and hopefully get the decrypted private RSA key back.
Why do these people try to reinvent the wheel and in the process make mistakes that allow the development of decrypter tools?
Tags: encryption, virus, ransomware
19
Using the Windows crypto API can trigger antivirus heuristics.
– forest
May 15 at 23:25
103
Asking why malware isn't quality is like asking why criminal enterprises aren't stellar examples of business management...
– benxyzzy
May 16 at 6:57
3
Why not encrypt the AES key directly with the public RSA key the attacker controls?
– lvella
May 16 at 10:02
1
You could do that, but in this case, the victim has to send all the encrypted AES keys (one for each file) to the attacker, which requires more bandwidth. (Alternatively, the attacker could use a single AES key for all files.) Remark: What I described was the workflow of WannaCry.
– kiara
May 16 at 11:51
2
It is all about business common sense. A perfect ransomware crypter carries the risk that the ransomware actor fails to capture the key. It has already happened in a few cases that the ransomware failed to send the locally generated key back to its hiding place, which damages the reputation and risks future victims' willingness to pay. Leaving some "leniency" hole is the best business strategy.
– mootmoot
May 17 at 15:51
edited May 16 at 7:30 by kiara
asked May 15 at 15:27 by kiara (447 reputation, 1 gold badge, 2 silver badges, 7 bronze badges)
4 Answers
Disclosure: I work for one of the vendors participating in NoMoreRansom.
Most modern ransomware indeed implements proper cryptography. Earlier versions used rand() for key generation, seeding the random generator with variants of time(); this is why, for successful decryption, it was important to know exactly when the infection happened, ideally down to the minute. Those could be decrypted by brute force. But most modern ransomware indeed uses either the Windows Crypto API or bundled crypto libraries.
However, no matter how correctly ransomware is implemented, there is always a weak point: to facilitate decryption, the key(s) have to be stored somewhere. This location could be traced by security companies, who would work together with law enforcement to take it over. Access to the server gives the security company the ability to decrypt the ransomware victims' files. This is for example the case with GandCrab ransomware.
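The brute force George Y. describes, as an added example that is not part of the answer or of any NoMoreRansom tool: a key derived from the MSVC CRT rand() seeded with time() has only as many candidates as there are seconds in the suspected infection window, so a decryptor can try them all and accept the one that turns a file header back into a known magic value. The LCG constants are the documented MSVC ones; the file cipher is a constructed SHA-256 counter keystream standing in for AES so that the script runs on the standard library alone, and the timestamp and PNG sample are constructed.

```python
"""Why a time()-seeded rand() key is recoverable: the decryptor side (added example)."""
import hashlib
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # known plaintext every PNG starts with


class MsvcRand:
    """Reimplementation of the MSVC CRT rand(): srand(seed), then 15-bit outputs."""

    def __init__(self, seed):
        self.state = seed & 0xFFFFFFFF

    def rand(self):
        self.state = (self.state * 214013 + 2531011) & 0xFFFFFFFF
        return (self.state >> 16) & 0x7FFF


def key_from_seed(seed, key_len=16):
    """Toy 'early ransomware' key derivation: one rand() byte per key byte.
    The whole keyspace is the set of plausible srand() arguments, i.e. timestamps."""
    rng = MsvcRand(seed)
    return bytes(rng.rand() & 0xFF for _ in range(key_len))


def keystream_xor(key, data):
    """Stand-in file cipher (constructed): XOR with a SHA-256 counter keystream.
    It is self-inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + struct.pack("<Q", block)).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def recover_key(ciphertext, magic, t_guess, window_seconds):
    """Decryptor logic: try every seed in [t_guess - window, t_guess + window] and
    accept the first one whose decryption of the file header equals `magic`.
    Cost is linear in the window size and independent of the key length.
    Returns (seed, key) on success, None if the infection time lies outside the window."""
    for seed in range(t_guess - window_seconds, t_guess + window_seconds + 1):
        key = key_from_seed(seed)
        if keystream_xor(key, ciphertext[:len(magic)]) == magic:
            return seed, key
    return None


def demo():
    """End-to-end run on a constructed PNG: the victim only knows the infection
    happened 'some time that afternoon', so a +/- 2 hour window is searched."""
    infection_time = 1494860400          # constructed: value the malware passed to srand()
    plaintext = PNG_MAGIC + b"constructed PNG body bytes" * 4
    ciphertext = keystream_xor(key_from_seed(infection_time), plaintext)
    found = recover_key(ciphertext, PNG_MAGIC, infection_time + 1800, 7200)
    return found is not None and keystream_xor(found[1], ciphertext) == plaintext


if __name__ == "__main__":
    print("recovered:", demo())
```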
6
There is of course the possibility that there is no decryption key. Once the criminals get the ransom, why would they care about repairing the damage done?
– gnasher729
May 15 at 20:54
56
@gnasher729 People are also a lot more likely to pay up if your particular malware has a reputation for following through on decryption. If you never get your files back, no one's going to pay. (Sometimes you're right though.)
– Richard Tingle
May 15 at 21:39
22
@gnasher729 I would be more inclined to pay a ransom for my family if the abductors don't have the reputation to kill the hostages anyway ;)
– Thomas
May 16 at 7:47
27
@Damon If you're talking about third world professional kidnappers that's not really true. There's a whole insurance industry around paying ransoms because those kidnappers want money, they don't want companies to just write off their employees or worse stop sending employees to the country altogether.
– IllusiveBrian
May 16 at 13:57
4
And yes, we know. Chuck Norris and intelligence agencies can track down Tor hidden services, the latter with a few clicks, the former with a roundhouse kick to the screen
– usr-local-ΕΨΗΕΛΩΝ
May 16 at 15:26
It is just a cost/gain question. Ransomware developers generally do not want to build a security tool with all the reviewing involved. They just want the least expensive tool that will allow them to get more money than it cost. Of course, they are probably breakable, but who cares? Provided some of the first victims have paid what they were asked, the attacker gets much more money than they spent. Furthermore, the longer you use one, the higher the risk of being caught if a governmental security agency manages to come into play.
It is more or less what many real-life thieves do when they manage to enter a random house: take the most valuable things in the shortest possible time and go away.
Things are different, both in real life and in the IT world, for targeted attacks. If you want to attack a bank or a jewelry shop, the expected gain is high enough to spend a lot of preparation time. The same when a governmental service attacks a strategic target: they will use higher quality tools. But this is seldom the case for random targets.
The obvious answer is that no criminal would want to interact so directly with their victim.
"send the encrypted private RSA key to the attackers"
requires a consistent point of contact.
In the current model, all the communication is one-way and fungible:
- malware displays a screen instructing the victim to deposit bitcoins (no direct contact)
- criminals monitor deposits and send email with key (communication is automated and one-way from any disposable intermediary)
The current model works so well, it is one of the top threats worldwide. There are always ways to improve a system, but if it isn't broken, what's the benefit?
1
Well, the current model does not work in so many cases. But to your answer: If the attacker only wants to communicate one-way, they either have to have a single decryption key for all victims or they have to hard-code an individual RSA public key for every infected machine. However, it would be easy to send the encrypted private key to a server just after the infection. (They usually have to download the ransomware from a server anyway.) Then the decryption can be done automatically as you described.
– kiara
May 15 at 15:56
2
How is that evidence of it not working?
– schroeder♦
May 15 at 15:58
2
The encryption is not messed up. The encryption is fine. The problem is that the key is exposed after people submit the encrypted files and received keys for analysis. When this happens, the criminals just change the keys or even the code base (lots to choose from). There is no error here and nothing to fix.
– schroeder♦
May 15 at 16:02
1
"it would be easy to send the encrypted private key to a server just after the infection" - that creates a trail back to the attackers. No criminal would want that, as I said.
– schroeder♦
May 15 at 16:06
2
@noɥʇʎԀʎzɐɹƆ Seems like a lot more work and development effort to set up than current established methods. If you are a malware author, you only care to a limited extent if a decryptor gets released eventually, proportionally with how much time you spent making it. You just make another ransomware then.
– Magisch
May 17 at 9:41
Frankly, it's pretty tricky to pull off good file encryption and decryption, even with a library that's supposed to do it for you. I tried to modify a cryptor (meant to obfuscate viruses to hide their signatures from antivirus programs) that used a very basic bitshift technique originally, and it didn't work well because most antivirus programs would literally brute force the binary and could realize that it was actually a virus! I wanted to replace the bitshift "encryption", if you could even call it that, with AES encryption via a C# library that I had used successfully in the past for strings, but I could never make it work. Another problem is that the more complicated your encryption algorithm is, the longer it takes to sweep the entire disk, and then decrypt at the end when/if they pay. It's also more likely to fail in the middle and result in an incomplete job.
What I saw once on my grandma's computer, back before ransomware really took off and got better, was a ransomware program that supposedly encrypted her files and wanted about $200 to decrypt them. All it did in reality was add the extension ".crypted" to the end of every single file so Windows didn't know what program to use to open any of them! Once I figured that out, all that was necessary to do was use the task manager to locate and delete the original ransomware file, then write a batch script to recursively check every file on the system for the .crypted extension and remove it if present. Problem solved within an hour, no money paid to hackers at all! But if they had used AES, this technique wouldn't have worked at all, and deleting the virus file would probably destroy any hope you ever had of cracking the military grade encryption.
The difference is that the guy who used the first technique of renaming the file extension so Windows couldn't open any files probably already had hundreds of infections by the time the guy using military grade encryption even finished his virus, and the 5% of people who are smart enough to fix the first one are probably also smart enough to not be infected by the second one. The other 95% of people who couldn't figure out any way to fix either virus other than just paying the ransom probably paid it the first time (to the guy with the easily breakable ransomware) and then immediately set up a full backup solution to prevent it from ever happening again. If they later got infected by the military grade ransomware, they had already learned their lesson once and just restored from the backup. Hopefully even people who haven't been infected yet start to set up backups, so they never even have to pay the ransom once.
From this scenario, you can see how the guy with the easily breakable ransomware can release it first; it acts faster, is more reliable and is easier to reverse even if the antivirus program manages to delete the virus before decryption, and because of that, he will make more money than the person who spends tons of time setting up a fully bulletproof ransomware virus but is later to market, after people have started to wise up and back up their important files.
How did you restore the original file extensions? Or did the Ransomware append the .crypted extension to the original filename including the extension? I.e: photo.png.crypted
– Morgan
May 18 at 13:23
@Morgan, yes, they literally just added the extension ".crypted" to the end of every single file Windows would let them modify automatically! Lowest effort ransomware ever, but very easily reversible for both the ransomware itself and for any competent computer user. Unfortunately, probably 80% of computer users are not that competent, and even if they know what role the file extension plays and they don't freak out about the Windows warning message you get while changing them, it would take days/weeks to revert them all by hand without a script.
– Cyle Langenhennig
Jul 8 at 21:34
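The recovery step described in this answer, written out as an added example (not the answer's own batch script): walk a directory tree, strip the bogus suffix from photo.png.crypted back to photo.png, and refuse to overwrite a file that already exists under the original name, since a renamed file must never clobber a real one. The suffix, the sample tree and its contents are constructed; the script assumes, as the answer states, that the file contents were never touched.

```python
"""Strip a bogus '.crypted' suffix recursively, without clobbering existing files (added example)."""
import os
import tempfile

BOGUS_SUFFIX = ".crypted"   # constructed: the suffix the fake ransomware appended


def restore_names(root, suffix=BOGUS_SUFFIX, dry_run=False):
    """Rename every file under `root` ending in `suffix` back to its original name.
    A file whose original name already exists is skipped instead of overwritten.
    With dry_run=True nothing is renamed; the lists show what would happen.
    Returns (restored, skipped): restored holds the new paths, skipped the untouched sources."""
    restored, skipped = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(suffix) or name == suffix:
                continue                     # untouched file, or a file that is only the suffix
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, name[:-len(suffix)])
            if os.path.exists(dst):
                skipped.append(src)          # collision: leave both files for a human to inspect
                continue
            if not dry_run:
                os.rename(src, dst)
            restored.append(dst)
    return restored, skipped


def _rel(root, paths):
    """Sorted root-relative paths with '/' separators, for portable comparison."""
    return sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in paths)


def demo(dry_run=False):
    """Build a constructed sample tree in a fresh temp dir, run the restore, and return
    (restored, skipped, final_listing) as sorted root-relative paths."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "sub"))
    for rel in ("photo.png.crypted", "report.docx.crypted", "readme.md",
                "sub/notes.txt.crypted", "sub/notes.txt"):   # last pair is the collision case
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed content of " + rel)
    restored, skipped = restore_names(root, dry_run=dry_run)
    listing = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    return _rel(root, restored), _rel(root, skipped), _rel(root, listing)


if __name__ == "__main__":
    print(demo())
```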
The first answer above (the one from the NoMoreRansom vendor employee) was answered May 15 at 19:02 by George Y. (3,346 reputation, 2 gold badges, 7 silver badges, 15 bronze badges) and edited May 16 at 20:31 by eclipz905 (109 reputation, 2 bronze badges).
6
There is of course the possibility that there is no decryption key. Once the criminals get the ransom, why would they care about repairing the damage done?
– gnasher729
May 15 at 20:54
56
@gnasher729 people are also lot more likely to pay up if your particular malware has a reputation for following through on decryption. If you never get your files back no ones going to pay. (Sometimes you're right though)
– Richard Tingle
May 15 at 21:39
22
@gnasher729 I would be more inclined to pay a ransom for my family if the abductors don't have the reputation to kill the hostages anyway ;)
– Thomas
May 16 at 7:47
27
@Damon If you're talking about third world professional kidnappers that's not really true. There's a whole insurance industry around paying ransoms because those kidnappers want money, they don't want companies to just write off their employees or worse stop sending employees to the country altogether.
– IllusiveBrian
May 16 at 13:57
4
And yes, we know. Chuck Norris and intelligence agencies can track down Tor hidden services, the latter with a few clicks, the former with a roundhouse kick to the screen
– usr-local-ΕΨΗΕΛΩΝ
May 16 at 15:26
|
show 11 more comments
6
There is of course the possibility that there is no decryption key. Once the criminals get the ransom, why would they care about repairing the damage done?
– gnasher729
May 15 at 20:54
56
@gnasher729 people are also lot more likely to pay up if your particular malware has a reputation for following through on decryption. If you never get your files back no ones going to pay. (Sometimes you're right though)
– Richard Tingle
May 15 at 21:39
22
@gnasher729 I would be more inclined to pay a ransom for my family if the abductors don't have the reputation to kill the hostages anyway ;)
– Thomas
May 16 at 7:47
27
@Damon If you're talking about third world professional kidnappers that's not really true. There's a whole insurance industry around paying ransoms because those kidnappers want money, they don't want companies to just write off their employees or worse stop sending employees to the country altogether.
– IllusiveBrian
May 16 at 13:57
4
And yes, we know. Chuck Norris and intelligence agencies can track down Tor hidden services, the latter with a few clicks, the former with a roundhouse kick to the screen
– usr-local-ΕΨΗΕΛΩΝ
May 16 at 15:26
It is just a cost/gain question. Ransomware developers generally do not want to build a security tool with all the reviewing involved. They just want the least expensive tool that will allow them to get more money than it cost. Of course, they are probably breakable, but who cares? Provided some of the first victims have paid what they were asked, the attacker gets much more money than they spent. Furthermore, the longer you use one, the higher the risk of being caught if a governmental security agency manages to come into play.
It is more or less what many real-life thieves do when they manage to enter a random house: take the most valuable things in the shortest possible time and go away.
Things are different both in real life and in the IT world for targeted attacks. If you want to attack a bank or a jewelry shop, the gain is expected to be high enough to spend a lot of preparation time. The same applies when a governmental service attacks a strategic target: they will use higher quality tools. But those are seldom used for random targets.
edited May 15 at 16:12 by schroeder♦
answered May 15 at 16:07 by Serge Ballesta
The obvious answer is that no criminal would want to interact so directly with their victim.
"send the encrypted private RSA key to the attackers"
requires a consistent point of contact.
In the current model, all the communication is one-way and fungible:
- malware displays a screen instructing the victim to deposit bitcoins (no direct contact)
- criminals monitor deposits and send email with key (communication is automated and one-way from any disposable intermediary)
The current model works so well, it is one of the top threats worldwide. There are always ways to improve a system, but if it isn't broken, what's the benefit?
1
Well, the current model does not work in so many cases. But to your answer: if the attacker only wants to communicate one-way, they either have to have a single decryption key for all victims or they have to hard-code an individual RSA public key for every infected machine. However, it would be easy to send the encrypted private key to a server just after the infection. (They usually have to download the ransomware from a server anyway.) Then the decryption can be done automatically as you described.
– kiara
May 15 at 15:56
2
How is that evidence of it not working?
– schroeder♦
May 15 at 15:58
2
The encryption is not messed up. The encryption is fine. The problem is that the key is exposed after people submit the encrypted files and received keys for analysis. When this happens, the criminals just change the keys or even the code base (lots to choose from). There is no error here and nothing to fix.
– schroeder♦
May 15 at 16:02
1
"it would be easy to send the encrypted private key to a server just after the infection" - that creates a trail back to the attackers. No criminal would want that, as I said.
– schroeder♦
May 15 at 16:06
2
@noɥʇʎԀʎzɐɹƆ Seems like a lot more work and development effort to set up than current established methods. If you are a malware author, you only care to a limited extent if a decryptor gets released eventually - proportionally with how much time you spent making it. You just make another ransomware then.
– Magisch
May 17 at 9:41
answered May 15 at 15:42 by schroeder♦
Frankly, it's pretty tricky to pull off good file encryption and decryption, even with a library that's supposed to do it for you. I tried to modify a cryptor (meant to obfuscate viruses to hide their signatures from antivirus programs) that used a very basic bit-shift technique originally, and it didn't work well because most antivirus programs would literally brute-force the binary and could realize that it was actually a virus! I wanted to replace the bit-shift "encryption", if you could even call it that, with AES encryption via a C# library that I had used successfully in the past for strings, but I could never make it work. Another problem is that the more complicated your encryption algorithm is, the longer it takes to sweep the entire disk, and then decrypt at the end when/if they pay. It's also more likely to fail in the middle and result in an incomplete job.
What I saw once on my grandma's computer, back before ransomware really took off and got better, was a ransomware program that supposedly encrypted her files and wanted about $200 to decrypt them. All it did in reality was add the extension ".crypted" to the end of every single file, so Windows didn't know what program to use to open any of them! Once I figured that out, all that was necessary was to use the Task Manager to locate and delete the original ransomware file, then write a batch script to recursively check every file on the system for the .crypted extension and remove it if present. Problem solved within an hour, no money paid to hackers at all! But if they had used AES, this technique wouldn't have worked at all, and deleting the virus file would probably have destroyed any hope you ever had of cracking the military-grade encryption.
The difference is that the guy who used the first technique of renaming the file extension so Windows couldn't open any files probably already had hundreds of infections by the time the guy using military-grade encryption even finished his virus, and the 5% of people who are smart enough to fix the first one are probably also smart enough not to be infected by the second one. The other 95% of people, who couldn't figure out any way to fix either virus other than just paying the ransom, probably paid it the first time (to the guy with the easily breakable ransomware) and then immediately set up a full backup solution to prevent it from ever happening again. If they later got infected by the military-grade ransomware, they had already learned their lesson once and just restored from the backup. Hopefully even people who haven't been infected yet start to set up backups, so they never even have to pay the ransom once.
From this scenario, you can see how the guy with the easily breakable ransomware can release it first; it acts faster, is more reliable, and is easier to reverse even if the antivirus program manages to delete the virus before decryption. Because of that, he will make more money than the person who spends tons of time setting up a fully bulletproof ransomware virus but is later to the market, after people have started to wise up and back up their important files.
How did you restore the original file extensions? Or did the ransomware append the .crypted extension to the original filename including the extension, i.e. photo.png.crypted?
– Morgan
May 18 at 13:23
@Morgan, yes, they literally just added the extension ".crypted" to the end of every single file Windows would let them modify automatically! Lowest-effort ransomware ever, but very easily reversible, both for the ransomware itself and for any competent computer user. Unfortunately, probably 80% of computer users are not that competent, and even if they know what role the file extension plays and don't freak out about the Windows warning message you get while changing them, it would take days/weeks to revert them all by hand without a script.
– Cyle Langenhennig
Jul 8 at 21:34
answered May 17 at 13:54 by Cyle Langenhennig
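The recovery the answer and its comments describe (strip the bogus `.crypted` suffix from every file, recursively) as an added Python example; this is not the batch script the answerer wrote, nor code from any ransomware. It adds one check a responder would want before mass-renaming: each file's leading bytes are compared with the signature expected for its original extension, so a file that really was encrypted is reported rather than silently mislabelled as recovered. The directory layout, file names and the small magic-number table are constructed for the example, and `restore_tree` and `looks_intact` are names chosen here.

```python
import os
import tempfile
from pathlib import Path

# Bogus suffix the scareware appended (the one named in the answer).
BOGUS_SUFFIX = ".crypted"

# Leading "magic" bytes of a few common file types.  These are well-known
# format signatures, not values taken from the page.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",   # OOXML documents are zip containers
}


def looks_intact(path: Path, original_ext: str) -> bool:
    """True if the file body still starts with the signature expected for
    original_ext.  Types without a known signature cannot be checked and are
    treated as intact (a plain-text file has nothing to verify against)."""
    expected = MAGIC.get(original_ext.lower())
    if expected is None:
        return True
    with path.open("rb") as fh:
        return fh.read(len(expected)) == expected


def restore_tree(root, dry_run=False):
    """Walk `root` and strip BOGUS_SUFFIX from every file whose content still
    matches its original type.  Returns two sorted lists of POSIX-style
    relative paths: files restored, and files left alone because their body
    no longer matches (possibly really encrypted) or the target name exists."""
    root = Path(root)
    restored, suspicious = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(BOGUS_SUFFIX):
                continue
            tagged = Path(dirpath) / name
            original = tagged.with_name(name[: -len(BOGUS_SUFFIX)])
            rel = original.relative_to(root).as_posix()
            # Never clobber a file that already exists under the original name,
            # and never "restore" a file whose body is not what its name claims.
            if original.exists() or not looks_intact(tagged, original.suffix):
                suspicious.append(rel)
                continue
            if not dry_run:
                tagged.rename(original)
            restored.append(rel)
    return sorted(restored), sorted(suspicious)


def demo():
    """Run the recovery over a constructed sample tree (built here, not taken
    from any real incident) and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pics").mkdir()
        # Renamed only: content is still a valid PNG / PDF / text file.
        (root / "pics" / "cat.png.crypted").write_bytes(MAGIC[".png"] + b"\x00" * 16)
        (root / "report.pdf.crypted").write_bytes(b"%PDF-1.4\n%constructed sample\n")
        (root / "notes.txt.crypted").write_bytes(b"plain text has no signature to check\n")
        # Genuinely scrambled: a .docx that does not start with a zip header.
        (root / "secret.docx.crypted").write_bytes(b"\x13\x37\xde\xad\xbe\xef\x00\x01")
        # Never touched by the malware.
        (root / "untouched.jpg").write_bytes(MAGIC[".jpg"] + b"\x00" * 8)

        restored, suspicious = restore_tree(root)
        remaining = sorted(p.name for p in root.rglob("*") if p.is_file())
        return restored, suspicious, remaining


if __name__ == "__main__":
    restored, suspicious, remaining = demo()
    print("restored:  ", restored)
    print("suspicious:", suspicious)
    print("tree now:  ", remaining)
```

Run it with `dry_run=True` first, ideally against a copy of the affected volume; the `suspicious` list is the set of files that need a real decryptor or a backup rather than a rename, and the fact that it is empty (or not) is also the quickest way to tell a rename-only scareware from ransomware that actually encrypted anything.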
How did you restore the original file extensions? Or did the Ransomware append the .crypted extension to the original filename including the extension? I.e: photo.png.crypted
– Morgan
May 18 at 13:23
@Morgan, yes, they literally just added the extension ".crypted" to the end of every single file Windows would let them modify automatically! Lowest-effort ransomware ever, but very easily reversible, both for the ransomware itself and for any competent computer user. Unfortunately, probably 80% of computer users are not that competent, and even if they know what role the file extension plays and don't freak out about the Windows warning message you get while changing them, it would take days/weeks to revert them all by hand without a script.
– Cyle Langenhennig
Jul 8 at 21:34
Using the Windows crypto API can trigger antivirus heuristics.
– forest
May 15 at 23:25
Asking why malware isn't quality is like asking why criminal enterprises aren't stellar examples of business management...
– benxyzzy
May 16 at 6:57
Why not encrypt the AES key directly with the public RSA key the attacker controls?
– lvella
May 16 at 10:02
You could do that, but in this case the victim has to send all the encrypted AES keys (one for each file) to the attacker, which requires more bandwidth. (Alternatively, the attacker could use a single AES key for all files.) Remark: what I described was the workflow of WannaCry.
– kiara
May 16 at 11:51
It is all about business common sense. A perfect ransomware crypter will have a risk that the ransomware actor fails to capture the key. It has already happened in a few cases that the ransomware failed to send the locally generated key back to its hiding place, which damages the reputation and risks future victims' willingness to pay. Leaving some "leniency" hole is the best business strategy.
– mootmoot
May 17 at 15:51