Sneaky Blackmailing Virus That Encrypts Data
BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
Uh, if 1024-bit RSA was broken, the world of encryption security would collapse (at least for the short term). Could it happen? Sure, it's possible. Will it happen in time to save your pr0n collection? Highly unlikely.
For one thing, compromise of RSA encryption would render SSL useless.
This same thing happened in the late 80's (or maybe early 90's). Some hackers mailed a 5.25 inch floppy with some "free" software on it to thousands of people around the world. When you installed the software, it would hijack your PC and encrypt various files and you had to pay a ransom to get it back. There was a EULA and everything with the disk (which of course nobody read) which made it clear what would happen if you installed the disk. Perhaps someone can remember what it was called.
The last version was eventually "cracked", because the virus used the same key for all the encrypted files so once someone paid up they could distribute the key.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
"And how often do you roll through your backups? "
Try 'never, I use one-time recordable optical media'.
I realize some people use 'rewritable' media for backups, and have this 'roll over' issue, but the only part of my backup that does roll over is the redundant external HDD for 'critical' data that I don't trust entirely to DVD media, even if I only buy grade 1 media...
I don't have a small data set either: I have over 1 TB of stuff on optical discs, but surprisingly only about 30 gigs that is important enough to go to a redundant HDD.
https://www.gnu.org/philosophy/free-sw.html
Given properly rolling backups, you don't just keep dailies for the past month. You keep dailies for a week, and weeklies for a month, and monthlies for however long you have space for.
And given that most people work in files which are essentially text or the moral equivalent (Word docs, etc), it's likely that you do, in fact, have enough space for a very, very large number of backups.
Don't thank God, thank a doctor!
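The retention scheme described in the post above (dailies for a week, weeklies for a month, monthlies for as long as space allows) is easy to get subtly wrong when you prune by hand. The following is an added example, not code from the thread: a grandfather-father-son pruning planner over a constructed list of daily backup dates. Function names, the window sizes, and the sample data are my choices; bucketing is by age relative to `today` (7-day windows for weeklies, calendar months for monthlies), with the newest backup in each window kept.

```python
from datetime import date, timedelta


def months_between(later, earlier):
    """Whole calendar months from `earlier` to `later` (same month -> 0)."""
    return (later.year - earlier.year) * 12 + (later.month - earlier.month)


def plan_retention(backup_dates, today, keep_daily=7, keep_weekly=4, keep_monthly=12):
    """Grandfather-father-son pruning over a set of backup dates.

    Keeps every backup from the last `keep_daily` days, the newest backup in each
    of the last `keep_weekly` 7-day windows, and the newest backup in each of the
    last `keep_monthly` calendar months. Returns (keep, delete) as sorted lists.
    """
    dates = sorted(set(backup_dates))
    keep = set()
    newest_in_week = {}
    newest_in_month = {}
    for d in dates:
        age_days = (today - d).days
        if age_days < 0:
            # Newer than `today`: clock skew or bad input. Never delete what you
            # cannot explain.
            keep.add(d)
            continue
        if age_days < keep_daily:
            keep.add(d)
        week_bucket = age_days // 7
        if week_bucket < keep_weekly:
            newest_in_week[week_bucket] = max(newest_in_week.get(week_bucket, d), d)
        month_bucket = months_between(today, d)
        if month_bucket < keep_monthly:
            newest_in_month[month_bucket] = max(newest_in_month.get(month_bucket, d), d)
    keep.update(newest_in_week.values())
    keep.update(newest_in_month.values())
    delete = [d for d in dates if d not in keep]
    return sorted(keep), delete


def sample_daily_backups(last_day, count):
    """Constructed input: one backup per day, ending on `last_day`."""
    return [last_day - timedelta(days=i) for i in range(count)]


if __name__ == "__main__":
    today = date(2008, 6, 10)  # assumed 'now' for the constructed sample
    keep, delete = plan_retention(sample_daily_backups(today, 400), today)
    print(f"keep {len(keep)} of 400, delete {len(delete)}")
    for d in keep:
        print(d)
```

With 400 consecutive daily backups the planner keeps 21: seven dailies, three extra week-end points, and eleven extra month-end points (the current week and month are already covered by the dailies). Note that a ransomware infection that goes unnoticed for longer than your oldest retained copy defeats this scheme, which is the argument for the long monthly tail.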
This is data ransom, not blackmail.
Fortunately, brute force attacks aren't necessary. If one can read the memory space used by the 'decryptor' one can find the key in seconds.
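The post above says the key can be pulled out of the decryptor's memory in seconds. Here is an added example of what that looks like in practice; it is not code from the thread, from Kaspersky, or from the malware. It assumes the decryptor holds the RSA private key in memory as a plain PKCS#1 `RSAPrivateKey` DER structure, scans a raw memory image for every byte that could start a DER SEQUENCE, and only reports offsets where the nine integers inside satisfy the RSA relations (n = p*q, e*d = 1 mod lcm(p-1, q-1), consistent CRT exponents), so random bytes never produce a false positive. The 'memory dump' is constructed, and the planted key uses two Mersenne primes (a 216-bit modulus, not 1024, so it runs instantly); the DER helpers and names are mine. Requires Python 3.9 or newer (`pow(e, -1, m)` and `Random.randbytes`).

```python
import math
import random


# --- minimal DER helpers, enough for PKCS#1 RSAPrivateKey ---
def der_length(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_integer(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:
        b = b"\x00" + b  # leading zero keeps the INTEGER positive
    return b"\x02" + der_length(len(b)) + b


def der_sequence(*parts):
    body = b"".join(parts)
    return b"\x30" + der_length(len(body)) + body


def encode_rsa_private_key(p, q, e):
    """RSAPrivateKey ::= SEQUENCE { 0, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p }."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    d = pow(e, -1, lam)
    fields = (0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))
    return der_sequence(*(der_integer(x) for x in fields))


def read_tlv(buf, off):
    """Parse one DER tag-length-value at `off`; returns (tag, value, end_offset)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        if not 0 < nbytes <= 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[off + 2:off + 2 + nbytes], "big")
        hdr = 2 + nbytes
    end = off + hdr + length
    if end > len(buf):
        raise ValueError("truncated")
    return tag, buf[off + hdr:end], end


def parse_rsa_private_key(buf, off):
    """Strict parse plus arithmetic sanity checks, so junk bytes never pass as a key."""
    tag, body, _ = read_tlv(buf, off)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    ints, pos = [], 0
    while len(ints) < 9:
        t, v, pos = read_tlv(body, pos)
        if t != 0x02:
            raise ValueError("not an INTEGER")
        ints.append(int.from_bytes(v, "big"))
    version, n, e, d, p, q, dp, dq, qinv = ints
    if version != 0 or n < 2 or p * q != n:
        raise ValueError("not an RSA key")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if (e * d) % lam != 1 or dp != d % (p - 1) or dq != d % (q - 1):
        raise ValueError("inconsistent private exponent / CRT parameters")
    return {"n": n, "e": e, "d": d, "p": p, "q": q}


def find_rsa_private_keys(dump):
    """Scan a raw memory image; return [(offset, key_dict)] for every valid RSAPrivateKey."""
    found = []
    for off in range(len(dump) - 1):
        if dump[off] != 0x30:  # every DER SEQUENCE starts with 0x30
            continue
        try:
            found.append((off, parse_rsa_private_key(dump, off)))
        except (ValueError, IndexError, OverflowError):
            pass  # not a key at this offset
    return found


# --- constructed 'memory dump': pseudo-random junk with the key planted at a known offset ---
TOY_P, TOY_Q, TOY_E = 2**127 - 1, 2**89 - 1, 65537  # Mersenne primes: real RSA, toy size
KEY_DER = encode_rsa_private_key(TOY_P, TOY_Q, TOY_E)
KEY_OFFSET = 4096  # assumed location inside the fake dump


def build_sample_dump(seed=7):
    rng = random.Random(seed)
    junk = bytearray(rng.randbytes(16384))
    junk[KEY_OFFSET:KEY_OFFSET + len(KEY_DER)] = KEY_DER
    return bytes(junk)


if __name__ == "__main__":
    for off, key in find_rsa_private_keys(build_sample_dump()):
        print(f"RSA private key at offset {off:#x}, modulus {key['n'].bit_length()} bits")
```

On a real process image the same scan is run over the dumped pages; if the decryptor stores the key in another layout (raw big-endian integers, a Windows CryptoAPI blob, or an obfuscated form) the parser has to be swapped, but the validation step stays the same: accept only candidates whose components satisfy the RSA identities.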
This is why movie content will 'never' be immune to cracking. In the case of this virus, the decryptor is sent to you over the internet if you pay the money, but having a good backup scheme also defeats the need to brute force. Having a good security setup should negate even the need for backups, to prevent infection in the first place.
So always have a competent hardened firewall device like Smoothwall Express; never download attachments (webmail helps a lot in this arena, along with a secure browser and a phishing-aware user/browser add-on); avoid Windows like the plague, but if you must run Windows make sure it can only get access to the actual ports of the programs you actually use on it; and never run as administrator, unless you really genuinely need to do something that can't be done as a normal user.
Trusting a 'commercial' 'hardware' router to protect a Windows machine is insane; even if you've replaced the firmware with some variant of Linux, it's Still Not hardened like Smoothwall...
Fine if you have all Linux/BSD machines, but Windows has as much security as the emperor had new clothes, even with a $$$ security suite. Sad but true: only 0% of tested Windows security software could stop 50/50 2006/2007 known rootkits/malware post-install... the best was, I think, being able to remove 7/50 and 13/50, if it had actually gotten installed. Specialized tools were also tested, not just suites.
The point being, if you must run Windows, remember that a piece of paper stands more chance of surviving a nuclear blast at point blank than Windows has of being de-rooted without a format.
https://www.gnu.org/philosophy/free-sw.html
An important part of the backup process is to occasionally test the backups to make sure that they can be restored properly. corrupted backups suck, but do happen. I test my personal ones pretty regularly. I test my work ones on a set schedule. You should too.
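"Occasionally test the backups" in the post above is a procedure, and the cheapest form of it is a manifest of content hashes written at backup time and checked after a trial restore. The following is an added example, not code from the thread: it hashes a source tree into a manifest, copies the tree to a 'restore' location, deliberately corrupts one file and drops another (simulating a bad disc or an incomplete restore), and reports what the manifest check catches. Paths, names, and the sample files are constructed; the check works on any directory tree.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256, taken at backup time and stored *with* the backup."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(restored_root, manifest):
    """Compare a trial restore against the manifest; returns lists of problems by kind."""
    restored_root = Path(restored_root)
    problems = {"missing": [], "corrupt": [], "extra": []}
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            problems["missing"].append(rel)
        elif sha256_file(p) != digest:
            problems["corrupt"].append(rel)
    present = build_manifest(restored_root)
    problems["extra"] = sorted(set(present) - set(manifest))
    return problems


def demo():
    """Constructed scenario: back up a tree, restore it, break the restore, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "live")
        (src / "notes").mkdir(parents=True)
        (src / "notes" / "thesis.txt").write_bytes(b"chapter 1\n" * 1000)
        (src / "photos.bin").write_bytes(bytes(range(256)) * 64)
        manifest = build_manifest(src)  # this is what you keep next to the backup

        restored = Path(tmp, "restore_test")
        shutil.copytree(src, restored)
        # A bad medium: flip one bit in the middle of the large file.
        data = bytearray((restored / "photos.bin").read_bytes())
        data[len(data) // 2] ^= 0x01
        (restored / "photos.bin").write_bytes(data)
        # An incomplete restore: one file never came back.
        (restored / "notes" / "thesis.txt").unlink()

        return verify_restore(restored, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A single-bit error is invisible to a file-size comparison and usually to a spot-check by eye, which is why the manifest hashes whole contents. Keep a copy of the manifest off the backup medium too: if the disc that holds the manifest is the one that rots, you lose the ability to tell good copies from bad.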
http://en.wikipedia.org/wiki/Ransomware_(malware)
Encrypting your files and extorting you has been around since 1989 http://en.wikipedia.org/wiki/PC_Cyborg_Trojan
Allow me to tell you how the money trail on this works:
You are asked to send money through Western Union or some other provider that doesn't check your ID for amounts smaller than a few thousand USD. Then they send some bum to one of the thousand WU offices, somewhere on this planet, with the withdrawal code. And only once they get your money, you get your decryption key.
So, now you know where the money ends up, and why police can't do jack about it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
As was pointed out by another poster, no, 1024-bit RSA is not sufficiently strong. Recent papers have demonstrated that factoring a 1024-bit key is now within practical reach. See for example this PhD dissertation from a student whose advisor was Shamir (the S in RSA, FYI), which estimates that cracking a 1024-bit key would cost a few million US dollars.
Sure, at this point only a small number of organizations have a few million dollars to spare on cracking RSA, but this is beside the point. The flaw is sufficiently serious that security standards are now recommending 2048-bit RSA keys minimum.
What I am talking about are relatively recent developments; it is not very well known that 2048-bit is the minimum recommended length. This is why 1024-bit keys are still widely used everywhere. My bank (www.wellsfargo.com) uses a 1024-bit key...
"And only once they get your money, you don't get your decryption key."
There, fixed that for you. :-)
No, Western Union discontinued telegrams 2 years ago
in Nigeria?
There are real banks in Nigeria, owned by the ruling ethnic group, that's where the billions of dollars from oil goes. The rulers get their money while those who live where the oil comes from, the Niger Delta, have to fight for scraps.
Falcon
Should there be a Law?