Wednesday, 2 April 2014

Ransomware CryptoDefense leaves the decryption key behind on the victim's computer

The ransomware CryptoDefense contains a crucial mistake: it leaves the decryption key behind on the victim's own computer.

Symantec analyzed CryptoDefense. The ransomware belongs to the growing family of malware that encrypts a victim's files until a ransom is paid. CryptoDefense uses Microsoft's Windows cryptographic API to generate its encryption and decryption keys.

CryptoDefense encrypts files with a 2048-bit RSA key. The private key needed to decrypt the files is sent to the attacker's server and withheld until the ransom is paid. Apparently the developers did not realize that the Windows API also stores a copy of that private key on the victim's computer, in a folder under the user's Application Data directory. With this key the victim's data can be decrypted without any intervention by the criminals. Unfortunately, the average user will not have enough knowledge to actually carry this out.
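The practical question for a responder is where that leftover key is. On Windows, per-user key containers created through the CryptoAPI are persisted under %APPDATA%\Microsoft\Crypto\RSA\&lt;user SID&gt;\. The script below is an added example (not Symantec's tooling and not part of the original post): it walks that directory and lists key container files written within a configurable window around the time the encryption started, so that a candidate private key can be singled out from older, legitimate containers. The window size, and the idea of using the modification time of the first encrypted file as the reference point, are the author's assumptions; the default path is the standard Windows location.

```python
import os
from datetime import datetime, timedelta
from pathlib import Path


def default_key_container_dir() -> Path:
    """Standard per-user CryptoAPI RSA key container directory on Windows.

    Keys generated into a named container (rather than an ephemeral
    CRYPT_VERIFYCONTEXT provider) are written here, one file per container,
    under a subdirectory named after the user's SID.
    """
    appdata = os.environ.get("APPDATA", "")
    return Path(appdata) / "Microsoft" / "Crypto" / "RSA"


def find_key_blobs(root, start: datetime, end: datetime):
    """Return [(path, mtime)] for every file under `root` whose modification
    time lies within [start, end], oldest first. A missing directory yields []."""
    root = Path(root)
    hits = []
    if not root.is_dir():
        return hits
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        mtime = datetime.fromtimestamp(path.stat().st_mtime)
        if start <= mtime <= end:
            hits.append((str(path), mtime))
    hits.sort(key=lambda h: h[1])
    return hits


def key_blobs_near(root, encryption_time: datetime, window_minutes: int = 30):
    """Key container files written within +/- window_minutes of the moment the
    first file was encrypted (assumption: the malware generates its key pair
    immediately before it starts encrypting, so the container lands close to
    that timestamp)."""
    delta = timedelta(minutes=window_minutes)
    return find_key_blobs(root, encryption_time - delta, encryption_time + delta)


if __name__ == "__main__":
    import sys

    # Usage: python find_key.py "2014-03-28 12:00:00" [window_minutes]
    # Take the reference time from the mtime of the earliest encrypted file.
    when = datetime.strptime(sys.argv[1], "%Y-%m-%d %H:%M:%S")
    window = int(sys.argv[2]) if len(sys.argv) > 2 else 30
    for path, mtime in key_blobs_near(default_key_container_dir(), when, window):
        print(f"{mtime:%Y-%m-%d %H:%M:%S}  {path}")
```

Run it on the affected user's profile with the timestamp of the first encrypted file; any container that appears in the window and does not belong to a known application is the one to preserve (copy the whole RSA directory first, do not delete anything). The script only locates the candidate container; turning it back into a usable private key is a separate step.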

Symantec estimates that the criminals received more than $34,000 in bitcoins within one month, which shows how effective the scam is.
Symantec has blocked 11,000 CryptoDefense infection attempts in more than 100 countries. Most infection attempts were in the U.S., followed by Britain, Canada, Australia, Japan, India, Italy and the Netherlands.

MD5: f57d188c4667fab46208396af20badd2 (VirusTotal permalink)
MD5: 60f302b88160c27263c61c7e91dcb94e (VirusTotal permalink)

