Some Ransomware Better than Others

Monday, February 24, 2014 @ 07:02 PM gHale


Like anything, there are quality products and there are some that are not as strong. The same is true for bad guys that create products like ransomware.

Take a look at CryptoLocker, which encrypts files and holds them that way until a ransom is paid. That piece of ransomware is becoming more de rigueur in the environment today.

But some other threats talk a big game and can’t walk the walk.

One such piece of ransomware is BitCrypt, discovered by Fabien Perigaud and Cedric Pernet, French security researchers who work for Airbus. They analyzed the malware after it infected a computer belonging to one of their friends and encrypted all the pictures of his children.

Since he had no backups, the only solution was to pay the 0.4 Bitcoin ransom or try to decrypt the files. After analyzing the ransomware, Perigaud and Pernet found the developer had made a big mistake.

The developer wanted to generate a 128-byte key (1024 bits), but instead generated a 128-digit number, which is equivalent to only 426 bits. While 1024-bit RSA encryption is not easily breakable with standard computers, the researchers knocked out the 426-bit key in 43 hours on a regular quad-core PC.
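The digits-versus-bytes mix-up is easy to reproduce and to check for. The sketch below is an added example, not the researchers' script or the malware's code: it builds a constructed RSA-style modulus whose length is counted once in decimal digits and once in bytes, then applies a bit-length check of the kind a key audit would run. All function names are hypothetical, and the 2048-bit default floor is an assumption to be set per policy.

```python
import math
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(lo, hi):
    """Random probable prime in [lo, hi); hi must be even."""
    while True:
        c = (lo + secrets.randbelow(hi - lo)) | 1
        if is_probable_prime(c):
            return c

def max_bits(length, base):
    """Largest bit length of a number written with `length` base-`base` digits."""
    return (base ** length - 1).bit_length()

def random_modulus(length, base):
    """Constructed demo: p*q taken from the upper half of the numbers that are
    `length` digits long in `base` (10 = decimal digits, 256 = bytes)."""
    lo = math.isqrt(base ** length // 2) + 1
    hi = base ** (length // 2)  # `length` is assumed to be even
    return random_prime(lo, hi) * random_prime(lo, hi)

def meets_minimum(modulus, min_bits=2048):
    """Audit check; the 2048-bit default is an assumption, set it per policy."""
    return modulus.bit_length() >= min_bits

if __name__ == "__main__":
    for unit, base in (("decimal digits", 10), ("bytes", 256)):
        n = random_modulus(128, base)
        print(f"128 {unit}: {n.bit_length()} bits (max {max_bits(128, base)}), "
              f"meets 1024-bit target: {meets_minimum(n, 1024)}")
```

A check like `meets_minimum` belongs wherever keys are generated or imported, because the unit error produces a key that otherwise looks and works like any other.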

The researchers published a Python script designed to restore the encrypted files.

Additional technical details are available on the Cassidian Cybersecurity blog.


