-2

Recent news reports show that the UK's NHS (National Health Service) has suffered a major ransomware attack, which is also affecting other parts of the world, especially Spain and Russia. The effect is to essentially lock out users from files unless a ransom is paid within a stated period of time, beyond which the files will either be permanently encrypted or deleted.

Would it be possible to break this encryption or similar if there was an army of 'reservist' PCs? So, for example, a million PC users signed up to allow their PCs to be used to break such encryption if there was a serious attack. In other words, what would be the minimum number of networked PCs you would need to realistically break encryption applied to a critical system, and could such a system be implemented?

Naz

2 Answers

4

No amount is enough to break the encryption.

If the ransomware was engineered "properly", they could make sure that their crypto follows best practices making it practically unbreakable within our current understanding of physics. This is due to the fact that current cryptographic primitives have been designed with all kinds of threats in mind (including access to large amounts of plaintext-ciphertext pairs).

However there's a simpler solution to this (actually two):

  • Security updates. Large parts of the affected systems are still running on Windows XP even though the relevant, wormed vulnerability (ETERNALBLUE) has "long" been fixed by Microsoft for supported OSs (like Windows 10 and Windows 7). So the fix is obvious: Update to supported systems and actually patch them.
  • Backups. If you can just recover the data from a fresh (automated) backup onto your systems, there's no need to invest resources in finding flaws in the ransomware; you can just wipe the machines, restore from the backups and be done.

So TL;DR: No amount of computers will help, only proper preparation.

SEJPM
3

Would it be possible to break this encryption or similar if there was an army of 'reservist' PCs?

The short answer is no.

So, for example, a million PC users signed up to allow their PCs to be used to break such encryption if there was a serious attack. In other words, what would be the minimum number of networked PCs you would need to realistically break encryption applied to a critical system, and could such a system be implemented?

The keyword that makes it to where you can't answer this qualitatively is "realistically". We could go on with assumptions about how much matter/energy there is in the universe and how much it requires to compute a guess at the key, but such assumptions will quickly violate the "realistic" requirement.

Cracking the key is not a realistic strategy in general

As long as the key is generated correctly and of sufficient size, guessing the key is not a realistic option in general.

However, that does not mean there does not exist a realistic option for recovering the key in the ransomware scenario.

For example, it might be possible, in certain situations, to recover the key from memory after the files have all been encrypted. It is possible that the malware did not erase the key from memory after it was done using it. It is alternatively possible that the key ended up somewhere on the hard drive, as the memory that the key was in could have been swapped out at some point.

However, recovering this information is non-trivial to the average person. And such situations do not endure forever - writing over the memory or shutting the machine off could/would ruin your opportunity to take advantage of such situations.

The real solution to ransomware

As SEJPM pointed out, the real answer to ransomware encrypting your hard drive is much more mundane: standard preventative maintenance in the form of regular off-site backups.

Ella Rose
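The memory-recovery idea from the second answer, as an added example that is not part of either answer: instead of guessing keys, a forensic scan looks for a block of memory that is a self-consistent cipher key schedule. It assumes the ransomware used AES-128 and left its expanded key in the captured memory (the page does not say which cipher was used); the dump and key below are constructed test data.

```python
def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ 0x11B if a & 0x80 else a << 1
        b >>= 1
    return r

def _sbox_entry(x):
    """AES S-box: multiplicative inverse, then the affine transform."""
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    out = 0x63
    for s in range(5):
        out ^= ((inv << s) | (inv >> (8 - s))) & 0xFF
    return out

SBOX = [_sbox_entry(x) for x in range(256)]

def expand_key_128(key):
    """Return the 176-byte AES-128 key schedule (FIPS 197) of a 16-byte key."""
    w, rcon = bytearray(key), 1
    for i in range(16, 176, 4):
        t = bytes(w[i - 4:i])
        if i % 16 == 0:  # first word of each round key: RotWord, SubWord, Rcon
            t = bytes(SBOX[b] for b in t[1:] + t[:1])
            t = bytes([t[0] ^ rcon]) + t[1:]
            rcon = _gmul(rcon, 2)
        w += bytes(a ^ b for a, b in zip(w[i - 16:i - 12], t))
    return bytes(w)

def find_aes128_keys(dump):
    """Return (offset, key) for each window of the dump that is a full schedule."""
    hits = []
    for off in range(len(dump) - 175):
        key = dump[off:off + 16]
        # Cheap filter: skip constant-filled windows such as zeroed pages.
        if len(set(key)) > 1 and expand_key_128(key) == dump[off:off + 176]:
            hits.append((off, key))
    return hits

# Constructed sample: the FIPS 197 Appendix A.1 test key, not a real ransomware key,
# with its schedule placed at offset 300 between filler bytes, as in a process image.
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
FILLER = bytes((i * 37) % 251 for i in range(300))
SAMPLE_DUMP = FILLER + expand_key_128(SAMPLE_KEY) + FILLER

if __name__ == "__main__":
    for off, key in find_aes128_keys(SAMPLE_DUMP):
        print(f"AES-128 key schedule at offset {off}: key {key.hex()}")
```

The scan only succeeds on an image captured while the schedule is still intact, which is why the answer stresses that overwriting memory or powering off ends the opportunity.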