
There are some points that I don't understand yet about ransomware:

  • the attacker generally puts his Bitcoin address in the malware; can this address be used to identify and reach him?
  • on the assumption that the malware uses symmetric encryption, can we use reverse engineering to retrieve the key?
  • on the assumption that the malware uses asymmetric encryption, can we use the server which delivers the decryption key after payment to reach the attacker?
  • as far as I know, in practice the files themselves aren't encrypted, but another file is created using the secret key and then the original file is deleted, so can we use a file recovery program to recover everything?
Mike Edward Moras
Reda LM

1 Answer

  • Public key cryptography lets the ransomware encrypt files so that only the malware author (who has the private key) can decrypt them or supply the needed per-infection key.

  • Payment in Bitcoins is traceable, since all Bitcoin transactions are public. If the attacker transferred their Bitcoins to an exchange directly and converted them to a conventional currency, law enforcement could demand the records and find their identity. Mixing services allow the attacker to mix their coins together with lots of other legitimate coins, hiding where they end up. Mixing services exist and are only getting better.

  • The decryption-for-Bitcoins service can be hosted as a Tor hidden service. The attacker can set up a server that watches the Bitcoin blockchain for payments and provides one decryption key per payment. There is no link between the attacker and the servers except for the initial setup (which can be done through Tor) and hosting fees (which can be paid in Bitcoins).

All of these technologies are proven. It's just a matter of setting everything up and infecting victims. Until the general public learns to do better backups, ransomware is here to stay.

Mike Edward Moras
Richard Thiessen
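The first bullet of the answer (only the holder of the private key can decrypt or hand out the per-infection key) and the "one decryption key per payment" point are what make the asker's second question moot: reverse engineering the sample yields only the public key. The Go program below is an added example, not code from the question, the answer, or any real ransomware family; it models the key handling only, with constructed in-memory data instead of files, and the names `AttackerKeys`, `Infect`, `UnwrapFileKey` and `DecryptFile` are this example's own. A fresh AES-256-GCM key is drawn per infection and wrapped with RSA-OAEP to the embedded public key; unwrapping needs the attacker's private key, and the key handed to one victim does not open another victim's data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AttackerKeys is the key pair the author generates once, offline. Only the
// public half is embedded in the sample, so a reverse engineer never sees the
// private half in the binary.
type AttackerKeys struct {
	Private *rsa.PrivateKey
}

func GenerateAttackerKeys() (*AttackerKeys, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &AttackerKeys{Private: priv}, nil
}

// InfectionResult is what is left on a victim's disk: the encrypted data and
// the per-infection symmetric key wrapped to the attacker's public key.
type InfectionResult struct {
	Ciphertext []byte // GCM nonce || ciphertext || tag
	WrappedKey []byte // RSA-OAEP(attacker public key, fileKey)
}

// Infect models the sample's key handling for one victim: draw a random
// AES-256 key, encrypt with AES-GCM, wrap the key to the embedded public key,
// then zero the plaintext key. Nothing else usable for decryption is kept.
func Infect(pub *rsa.PublicKey, plaintext []byte) (*InfectionResult, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nonce, nonce, plaintext, nil) // nonce prefixed to the output
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	for i := range fileKey { // the sample keeps only the wrapped copy
		fileKey[i] = 0
	}
	return &InfectionResult{Ciphertext: ct, WrappedKey: wrapped}, nil
}

// UnwrapFileKey is the step only the attacker's payment server can perform:
// recovering one victim's symmetric key requires the RSA private key.
func UnwrapFileKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}

// DecryptFile is what a victim runs with the key they received after paying.
// GCM authentication makes a key from a different infection fail outright.
func DecryptFile(fileKey, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, data[:aead.NonceSize()], data[aead.NonceSize():], nil)
}

func main() {
	keys, _ := GenerateAttackerKeys()
	// Constructed sample data standing in for two victims' files.
	a, _ := Infect(&keys.Private.PublicKey, []byte("victim A: quarterly report"))
	b, _ := Infect(&keys.Private.PublicKey, []byte("victim B: photo index"))

	keyA, _ := UnwrapFileKey(keys.Private, a.WrappedKey) // what A gets after paying
	pt, err := DecryptFile(keyA, a.Ciphertext)
	fmt.Printf("A with own key: %q err=%v\n", pt, err)
	_, err = DecryptFile(keyA, b.Ciphertext)
	fmt.Printf("B with A's key: err=%v\n", err)

	other, _ := GenerateAttackerKeys() // an analyst guessing a private key
	_, err = UnwrapFileKey(other.Private, a.WrappedKey)
	fmt.Printf("unwrap with wrong private key: err=%v\n", err)
}
```

The point for an analyst is that everything in the binary and on the victim's disk (public key, nonce, ciphertext, wrapped key) is by design useless without the private key; the symmetric key that reverse engineering could recover in a purely symmetric scheme never exists in plaintext once `Infect` returns. A sample that keeps a reusable key, or one that generates its keys with a predictable RNG, breaks this model, which is why real-world decryptors for badly built families do exist.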