Windows 7 Forums
Windows 7: CryptoDefense: The story of insecure ransomware keys and...

08 Apr 2014   #1


CryptoDefense: The story of insecure ransomware keys and self-serving bloggers

Quote:
The past week has been particularly eventful for the Emsisoft Malware Research team. It all started about 2 weeks ago, when we received reports of a new ransomware from our friends over at BleepingComputer. A considerable amount of users reported that their files had been encrypted and that all that was left on their system was the following ransom note:

Quote:
The self-proclaimed name of the culprit? CryptoDefense.

To the attentive reader the name CryptoDefense may look quite familiar, as it sounds suspiciously similar to the infamous CryptoLocker ransomware that has been active since late last year. Like CryptoLocker, CryptoDefense also spreads mostly through spam email campaigns, and it also claims to use RSA with 2048 bit keys to encrypt the user's files. Like CryptoLocker, CryptoDefense also claims that encrypted files can't possibly be decrypted; but unlike CryptoLocker this claim was not initially true.

One of the key differences between CryptoDefense and CryptoLocker is the fact that CryptoLocker generates its RSA key pair on the command and control server. CryptoDefense, on the other hand, uses the Windows CryptoAPI to generate the key pair on the user's system. Now, this wouldn't make too much of a difference if it wasn't for some little known and poorly documented quirks of the Windows CryptoAPI. One of those quirks is that if you aren't careful, it will create local copies of the RSA keys your program works with. Whoever created CryptoDefense clearly wasn't aware of this behavior, and so, unbeknownst to them, the key to unlock an infected user's files was actually kept on the user's system.
Source

A Guy
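
Because the quoted article says the key pair was left on the infected system, a responder would want those key container files preserved before any cleanup or reimaging. The script below is an added example, not part of the original post or the Emsisoft article. It assumes PowerShell 4.0 or later and the default per-user location for legacy CryptoAPI RSA key containers (`%APPDATA%\Microsoft\Crypto\RSA\<SID>\`), which the post itself does not name; the output folder and the 30-day window are hypothetical defaults.

```powershell
# Added example: inventory and preserve per-user CryptoAPI RSA key containers.
# Assumption: legacy CSP key containers live under %APPDATA%\Microsoft\Crypto\RSA\<SID>\.
param(
    # Hypothetical evidence folder; point it at external media in practice.
    [string]  $EvidenceDir = "$env:USERPROFILE\Desktop\rsa-key-evidence",
    # Constructed default: only containers created in the last 30 days.
    [datetime]$Since       = (Get-Date).AddDays(-30)
)

$store = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'
if (-not (Test-Path -LiteralPath $store)) {
    Write-Warning "No per-user RSA key store found at $store"
    return
}

New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null

# -Force is required because key container files may be hidden or system files.
$files = Get-ChildItem -LiteralPath $store -Recurse -File -Force |
    Where-Object { $_.CreationTime -ge $Since } |
    Sort-Object CreationTime

$report = foreach ($f in $files) {
    # Keep the <SID> sub-folder so each container stays tied to its profile.
    $sidDir = Join-Path $EvidenceDir $f.Directory.Name
    New-Item -ItemType Directory -Path $sidDir -Force | Out-Null
    Copy-Item -LiteralPath $f.FullName -Destination $sidDir -Force

    [pscustomobject]@{
        Sid        = $f.Directory.Name
        Container  = $f.Name
        CreatedUtc = $f.CreationTimeUtc.ToString('u')
        Bytes      = $f.Length
        SHA256     = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Write a manifest next to the copies and show it on screen.
$report | Export-Csv -Path (Join-Path $EvidenceDir 'manifest.csv') -NoTypeInformation
$report | Format-Table -AutoSize
```

Run it as the affected user, since the store path is resolved from that user's profile. Containers whose creation time lines up with the first encrypted files are the ones to hand to whoever attempts recovery.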



