Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Distributed Computing To Thwart Ransomware

Posted by CmdrTaco on from the much-less-satisfying-than-a-shovel-to-the-face dept.

I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."

4 of 361 comments (clear)

  1. Re:Seems rather futile.. by oldspewey · · Score: 5, Informative

    As has been pointed out in the past - the people who are most likely to become infected with a ransomware virus are exactly the same people who are least likely to have backups available.

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
  2. Re:Got to be a link to the extortionist by steveb3210 · · Score: 4, Informative

    The explanation I found on the site isn't quite this simple. The data is encrypted with a randomly-generated symmertic key that is protected with RSA.. You send the bad guys the file with the key in it, they decrpyt it and write a program to decrypt everything..

  3. Re:Seems rather futile.. by Anonymous+Conrad · · Score: 5, Informative

    I'll assume someone paid the ransom at least once. So what key did they use to decrypt? Do us a favor and post it.

    As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start? ... huh?

    It works like this:

    1. Virus generates a random encryption key and encrypts your data with it. Let's call this K.
    2. Virus encrypts the random key with a RSA public key and instructs you to email that, R(K), and your money, to the ransomers.
    3. The ransomers use their RSA private key to decrypt the encrypted random encryption key, R(K), into K.
    4. You use the random encryption key they sold back to you, K, to rescue your data.

    Someone else's decryption key, K', is not useful to you because your data was encrypted with a different random key K. You have an RSA-encrypted copy of your own random key, R(K), because that's what the ransomers need you to send them so they can sell you the decryption key K. We're trying to crack the RSA private key so we can generate K from R(K) without having to pay them money, i.e. sidestep step 3.
  4. Re:I've got a better idea by DamnStupidElf · · Score: 4, Informative

    Even further, you *don't* have the known plaintext to break RSA because it's a random symmetric key encrypted with RSA that is used to encrypt the files by the virus. Every modern cipher since DES has been highly resistant to known plaintext attacks. That's a basic requirement for a cipher to be considered non-broken.