Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Distributed Computing To Thwart Ransomware

Posted by CmdrTaco on from the much-less-satisfying-than-a-shovel-to-the-face dept.

I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."

39 of 361 comments (clear)

  1. Seems rather futile.. by FluffyWithTeeth · · Score: 5, Insightful

    Surely all the have to do is start using a new key every so often, and the task becomes pointless?

    1. Re:Seems rather futile.. by SQLGuru · · Score: 5, Insightful

      Surely all you have to do is make frequent back-ups of your critical data and the virus becomes pointless.

      Hacker - You must pay me $100 or your files will be forever encrypted by my nigh-unbreakable RSA code.
      User - Meh, I just wiped my system of your virus and restored my important files from back-up. Piss off.

      Layne

    2. Re:Seems rather futile.. by oldspewey · · Score: 5, Informative

      As has been pointed out in the past - the people who are most likely to become infected with a ransomware virus are exactly the same people who are least likely to have backups available.

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
    3. Re:Seems rather futile.. by Silver+Sloth · · Score: 4, Insightful

      Good, sometimes there's only one way to learn about why we have backups. After all, they're just as much at risk from hard disk crashes.

      --
      init 11 - for when you need that edge.
    4. Re:Seems rather futile.. by Sique · · Score: 4, Funny

      So this is another lesson in Computer Security 101: "No one likes Backups, but everyone likes Restore"?

      --
      .sig: Sique *sigh*
    5. Re:Seems rather futile.. by bigstrat2003 · · Score: 3, Insightful

      I use Windows because I'm not brain-dead and can keep my machine secure. For those of us who know what we're doing, it doesn't matter what OS we use. For those of us who don't know what we're doing, similarly, it doesn't matter what OS we use: you're only kidding yourself if you think that widespread Linux adoption would result in there not being many/any pwned machines. The user is, and always will be the biggest computer vulnerability.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    6. Re:Seems rather futile.. by Anonymous+Conrad · · Score: 5, Informative

      I'll assume someone paid the ransom at least once. So what key did they use to decrypt? Do us a favor and post it.

      As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start? ... huh?

      It works like this:

      1. Virus generates a random encryption key and encrypts your data with it. Let's call this K.
      2. Virus encrypts the random key with a RSA public key and instructs you to email that, R(K), and your money, to the ransomers.
      3. The ransomers use their RSA private key to decrypt the encrypted random encryption key, R(K), into K.
      4. You use the random encryption key they sold back to you, K, to rescue your data.

      Someone else's decryption key, K', is not useful to you because your data was encrypted with a different random key K. You have an RSA-encrypted copy of your own random key, R(K), because that's what the ransomers need you to send them so they can sell you the decryption key K. We're trying to crack the RSA private key so we can generate K from R(K) without having to pay them money, i.e. sidestep step 3.
    7. Re:Seems rather futile.. by AmiMoJo · · Score: 3, Insightful

      While I too get frustrated by incompetent users, I think that attitude is a bit harsh. Computers are supposed to have reached the point of being easy to use by laymen, and automatic backup should be part of that.

      Time Machine on MacOS seems to be just about there, all they need to do is bundle an external HDD or offer a free online component for personal docs.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. I've got a better idea by elrous0 · · Score: 5, Insightful

    Encourage people to make backups of their data on disc, tape, or portable harddrives. I know that's a radical idea, but it just might be crazy enough to work.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:I've got a better idea by Opportunist · · Score: 5, Funny

      I think, personally, that human stupidity is a gold mine, and I'm slowly losing any inhibition and cashing in on it.

      Way ahead of you. I went into IT security years ago. It is a gold mine. You can basically sell snakeoil and people will kill each other to buy it from you.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:I've got a better idea by mweather · · Score: 4, Funny

      You backup to the same computer? I don't even backup to the same state!

    3. Re:I've got a better idea by Daimanta · · Score: 3, Funny

      I don't even backup to the same planet!

      --
      Knowledge is power. Knowledge shared is power lost.
    4. Re:I've got a better idea by TheRealFixer · · Score: 5, Funny

      Psh... backups? I restore my data from a parallel universe, where I didn't get hit by a virus in the first place.

    5. Re:I've got a better idea by SatanicPuppy · · Score: 3, Interesting

      If we had a backup, wouldn't it be possible to break the encryption using the backed-up data as a crib? Why force the key directly when you know what is in a large chunk of the cyphertext?

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    6. Re:I've got a better idea by Anonymous Coward · · Score: 3, Funny

      I don't see the allure of backup. This one time I tried backing up my computer, I backed it up all the way, and then it kept shutting off. So I brought it back forward and it runs far cooler now that the fan isn't sealed off by the wall.

    7. Re:I've got a better idea by evanbd · · Score: 3, Informative

      Known plaintext attacks are a mainstay of cryptanalysis. They tend to be more powerful than other attacks, but they still don't help much. Factoring is the best known technique for RSA, even given known plaintext or chosen plaintext.

    8. Re:I've got a better idea by cowscows · · Score: 5, Insightful

      So what you're saying is that anyone who lives in any fashion beyond subsistence farming is stupid?

      Banking, religion, and politics all have their problems, no doubt. But they're all important and persistent factors in the progress that humanity has made. They've all been involved in bad things, but they've all be involved in lots of good things as well.

      A human being is, on their own, capable of many things, both good and bad. Structures, systems, corporations, religions, corporations...they've all allowed us as a civilization to accomplish tasks that no one man could accomplish on his own. Some good and some bad, but all it does is amplify our abilities.

      --

      One time I threw a brick at a duck.

    9. Re:I've got a better idea by roc97007 · · Score: 5, Funny

      > Psh... backups? I restore my data from a parallel universe, where I didn't get hit by a virus in the first place.

      K dkd that, but kt turns out they use a slkghtly dkfferent alphabet kn that unkverse.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    10. Re:I've got a better idea by DamnStupidElf · · Score: 4, Informative

      Even further, you *don't* have the known plaintext to break RSA because it's a random symmetric key encrypted with RSA that is used to encrypt the files by the virus. Every modern cipher since DES has been highly resistant to known plaintext attacks. That's a basic requirement for a cipher to be considered non-broken.

    11. Re:I've got a better idea by gclef · · Score: 3, Funny

      You can basically sell snakeoil and people will kill each other to buy it from you. You've chosen a very appropriate screen name.
  3. track down the people who wrote the virus and for by jalet · · Score: 4, Funny

    Where's Jack Bauer when you need him ???

    --
    Votez ecolo : Chiez dans l'urne !
  4. Damn it by alx5000 · · Score: 4, Funny

    Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.

    If only I hadn't erased Jack Bauer's cell from my contact list after the last season...

    --
    My 0.02 cents
  5. Tag: Goodluckwiththat by Opportunist · · Score: 4, Interesting

    The people who did that sit in a country ending in -stan. Countries ending in -stan have real problems and don't care for problems their citizens cause abroad.

    You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Tag: Goodluckwiththat by CodeBuster · · Score: 3, Informative

      You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol. Nothing came of it because you did not sweeten the pot for local law enforcement, politicians, and judges with large bribes. If one wants justice or even just to get something done in a -stan country then one has to grease the wheels of the local economy or in other words its pay (more than your opponent) to play. This is how much of the world outside of the United States, Britain, and Western Europe functions, it is practically impossible to get things done or at least done quickly if bribes are not involved.
  6. 15 million modern computers?? by iamacat · · Score: 3, Insightful

    They are best off using a large botnet then. Perhaps modify the extortion virus itself so that it's part of solution rather than part of the problem.

  7. 15 million CPU years by robo_mojo · · Score: 3, Interesting

    15 million CPU years per key? And the attacker can just make up new keys as often as he likes. He could even make a different key for each target if he wanted.

    15 million CPU years is a lot to spend when you could just restore from backups.

  8. Re:Make them talk? by Opportunist · · Score: 5, Funny

    Simple. Lock them in a cell with a person whose complete pr0n collection is now encrypted. Then go out and come back about an hour later. They talk. They will confess everything, including the assassination of JFK, just as long as they don't have to spend more time with someone whose jackoff material is gone and they're to blame for it.

    Talk about motivation!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Interbank Data Recovery Services by wagnerrp · · Score: 5, Funny

    Fortunately, we had Interbank Data Recovery Services. And Interbank does more than just acquire the decryption key.

    That's because Interbank vows to find out who sent you the ransom and hunt them down like animals. Like filthy, dirty animals. That's the Interbank difference. See, I don't care how Interbank's secret police get things done. I just care that they get things done. For us.

    Plus, because we'd enrolled in their Premiere Membership program, Interbank also hunted down friends and relatives of the guy who had encrypted our data, dragged them from their beds in the middle of the night, and set fire to their homes.

  10. It is a good devlopment, Don't help them by 140Mandak262Jamuna · · Score: 4, Insightful
    We should not help people whose data is held at ransom. Finally they will see the folly in using cheapest software, in the cheapest platform with no regard for security. Companies will start taking insurance against data loss. And the insurance premium will be more for insecure closed proprietary crapware like Windows.

    As long as security is valued at zero dollars when the IT bean counters are evaluating platforms and vendors crapware will proliferate.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  11. Don't forget the corollary. by khasim · · Score: 5, Insightful

    Don't forget the corollary.

    Encourage the application writers to make their applications EASY TO BACKUP.

    The problem I keep seeing is that TELLING someone to back up their data is easy to do. FINDING ALL of the data is just about impossible.

    You'll never know if you got it all until AFTER a problem.

    Or even ... how about just including a simple script that will look at how it's installed TODAY and back it up to a location chosen by the user? And then that script will generate a script to install that backup should you need it to. Along with license keys and decoding keys and unlocking keys, etc.

    1. Re:Don't forget the corollary. by pla · · Score: 3, Insightful

      Do I just not know some Windows Admin secret magic, or is it true that I really can't back up my applications. I'd like to be able to reinstall Windows and then restore all of my applications.

      Not quite a direct answer, but you might want to consider using mostly "Portable" apps (that site has tons of them, but by no means counts as the only source... And of course, better-designed programs work portably without needing a wrapper).

      They have nothing to do with Linux or FOSS (though they do tend to exist as FOSS and have Linux versions available). You copy the program's directory (and, if you changed it, your data directory) to a new machine, and bam, it just works. No installation, no annoying migration tools that fail half the time, no custom compression schemes that only worked back on version 4.8 but they stopped supporting in 5.0 and no longer sell version 4.8, etc.

      With most of them, you can run them from USB thumb-drives (the original meaning in this context of "portable" - Literally, you can take them with you); With many, you can even run them from read-only media such as a CD (though obviously you can't save your data in the same place when doing so).

  12. Got to be a link to the extortionist by uab21 · · Score: 3, Interesting

    The screenshot at http://news.cnet.com/8301-10784_3-9965381-7.html?tag=nefd.top says that the victim pays to download a 'decryptor'. Either the decryptor contacts, in real time, the extortionist (at a server location that can be linked to them), or the private key is included in the decryptor program, and should be able to be sussed out...

    1. Re:Got to be a link to the extortionist by steveb3210 · · Score: 4, Informative

      The explanation I found on the site isn't quite this simple. The data is encrypted with a randomly-generated symmertic key that is protected with RSA.. You send the bad guys the file with the key in it, they decrpyt it and write a program to decrypt everything..

    2. Re:Got to be a link to the extortionist by Kjella · · Score: 3, Insightful

      Quite simple and very effective and can be done using standard tools:

      1. Encrypt victim's data with random AES key
      2. Store key in body of a PGP message for yourself
      3. Get victim to send you the PGP message
      3. Decrypt PGP message using private PGP key, find AES key
      4. Send AES key to victim - for a price...

      Seriously, this could probably be hacked together in the matter of a few hours if explained to someone knowledgable. The private key never leaves the bad guys. And if they decide the heat is on and torch the operation and set it up elsewhere you're 100% screwed. Trying to crack this must be the most useless operation ever, they could easily make the keys stronger and thousands of years would pass to crack it. In one word: Nasty.

      --
      Live today, because you never know what tomorrow brings
  13. Data recovery by KevMar · · Score: 4, Insightful

    So the encryption is sound, but did he just delete the old files after encrypting them or did he scrub the drive too.

    Someone try to undelete the files with a disk recovery tool and see what you get. Just because the file is encrypted does not mean that the original was correctly destroyed.

    --
    Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
  14. No trust, ergo, no reason to decrypt by mkcmkc · · Score: 3, Insightful
    What seems to be missing here, is the realization that if someone has encrypted your files without your permission (supposedly for ransom), there is no reason to trust them to restore the files correctly, and very good reasons not to trust them.

    I suppose if the file in question was something like a manuscript for a novel, where the owner can more or less verify it by eye, and (importantly) there isn't that much downside if our opponent sneaks some changes in, that might be worthwhile. But in general...

    --
    "Not an actor, but he plays one on TV."
  15. There is a LITTLE magic involved. by khasim · · Score: 3, Informative

    Do I just not know some Windows Admin secret magic, or is it true that I really can't back up my applications.
    There is a little magic that you can try, but you are pretty much correct. You cannot EASILY backup your Windows apps.

    For the Registry, you can "export" the entries for that app to a file and, later, you can import that file into the Registry.

    The problem with the Registry is the same as you've noted with the file system. Stuff gets put EVERYWHERE. And there is no way to KNOW that you have EVERYTHING until AFTER you attempt to restore it. AND that doesn't include anything "updated" when you get a patch or point-zero-one release "upgrade".

    Now, the installer can put that stuff everywhere ... and in theory it can remove that stuff when you un-install it ... but it cannot COPY that stuff to a backup directory/device?

    And I don't want to hear that that is to prevent "piracy". Just encrypt the stuff with the unlocking key or whatever. That way I can keep a TEXT file of app-name -- key code on my USB drive along with the backups.
  16. Other way around by DrYak · · Score: 5, Interesting

    Back in my youth, I never made regular backups.
    Then I got a virus.
    Since then, I make regular backups. Back in my childhood I did regular backups of my family's computer.
    Then we got a virus.
    Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.

    Sometimes you have parents that are both computer geeks, and they teach you the important of offline backups. Never the less, shit happens anyway.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  17. Re:Most Likely to Not Use it and to Pay. by Penguinisto · · Score: 4, Funny
    Twitter - as someone who helps do backups for (insert huge corp here) there's no other way to say this, but... you're an idiot. For the newer folks among us, I'll happily explain why.



    Enterprise-level backup apps are almost always 3rd-party, not "some kind of unreliable M$ thing". Any serious solution also has a means to restore to bare metal, so in effect you need no OS at all to do this.


    (and when was the last time anybody kept any current work on a floppy? Cripes - 1992 called and they want their backup devices back).

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?