Windows 7 Forums


Windows 7: CryptoDefense: The story of insecure ransomware keys and...

08 Apr 2014   #1
A Guy


CryptoDefense: The story of insecure ransomware keys and self-serving bloggers

The past week has been particularly eventful for the Emsisoft Malware Research team. It all started about 2 weeks ago, when we received reports of a new ransomware from our friends over at BleepingComputer. A considerable number of users reported that their files had been encrypted and that all that was left on their system was the following ransom note:

The self-proclaimed name of the culprit? CryptoDefense.

To the attentive reader the name CryptoDefense may look quite familiar, as it sounds suspiciously similar to the infamous CryptoLocker ransomware that has been active since late last year. Like CryptoLocker, CryptoDefense also spreads mostly through spam email campaigns, and it also claims to use RSA with 2048 bit keys to encrypt the user's files. Like CryptoLocker, CryptoDefense also claims that encrypted files can't possibly be decrypted; but unlike CryptoLocker this claim was not initially true.

One of the key differences between CryptoDefense and CryptoLocker is the fact that CryptoLocker generates its RSA key pair on the command and control server. CryptoDefense, on the other hand, uses the Windows CryptoAPI to generate the key pair on the user's system. Now, this wouldn't make too much of a difference if it wasn't for some little known and poorly documented quirks of the Windows CryptoAPI. One of those quirks is that if you aren't careful, it will create local copies of the RSA keys your program works with. Whoever created CryptoDefense clearly wasn't aware of this behavior, and so, unbeknownst to them, the key to unlock an infected user's files was actually kept on the user's system.

A Guy
