Questions tagged [ransomware]

Ransomware is a lethal kind of malware that encrypts your hard drive(s) and holds them hostage, providing the decryption key if you pay the hostage-taker(s) money (well-known variants are the FBI Virus and the Police Virus).

Ransomware (a malware variant), once it has infected a system, holds that system (mostly hard drive(s) and/or storage media) hostage by either encrypting the data or holding the OS hostage (non-encryption ransomware).

Questions asked with this tag should concern ransomware: having a system infected with ransomware, preventing ransomware, etc.

For more information, please see these sites explaining ransomware, its definitions, history, and more:

16 questions
8
votes
1 answer

Timing attack on RSA as used by CryptoLocker?

So far I have researched timing attacks on RSA. We all know the ransomware named CryptoLocker uses RSA 2048-bit encryption. Now, is it possible to break the encryption using a timing attack? I have been gathering information about CryptoLocker, it’s…
8
votes
1 answer

Knowing pre-encryption data, can we find the private key CryptoLocker used?

One of our users seems to have been hit by CryptoLocker. As a result, he has a hard drive full of encrypted files. The ransom-ware claims to have used public key encryption on the files. If we know exact contents of some of the files prior to them…
poke
  • 183
  • 4
3
votes
2 answers

Is it possible to decrypt cryptowall-encrypted files?

I am writing regarding a certain ransomware program called cryptowall (prop 4.0). I have lost many documents to this, and as it so happens, I have a few file duplicates before and after they were forcefully encrypted. My question is whether or not…
geok
  • 31
  • 1
2
votes
1 answer

Why is ransomware still problematic?

There are some points that I don't understand yet about ransomware: the attacker generally puts his bitcoin address in the malware; can this address be used to identify and reach him? On the assumption that the malware uses symmetric encryption,…
Reda LM
  • 133
  • 3
2
votes
2 answers

Could a collection of data be engineered to encrypt predictably using standard encryption algorithms?

Thinking about the rather new problem of Cryptolocker and other crypto-ransomware, huge amounts of damage are being caused by malicious actors simply using modern encryption algorithms to encrypt a drive. But this presents an interesting question,…
2
votes
1 answer

Understanding ransomware – What makes plain-text-attacks or brute-forcing so hard?

Say I have four files. Two are completely unencrypted, while the other two are the exact same files other than that they have been encrypted with (apparently) the same public key (via a ransomware virus). Is it possible to deduce the key from these…
1
vote
2 answers

Why can't ransomware practically use RSA to encrypt all files?

I understand that a few ransomware have used an RSA public key to encrypt all files belonging to the victim. This is a bullet-proof system in terms of its security because the private key is always safe with the hackers. But most ransomware use the…
learnerX
  • 687
  • 1
  • 8
  • 15
1
vote
1 answer

Paid decryption scheme and possible attack surface

This is how ransomware can work as far as I understand: Most ransomware works with symmetric encryption on individual files. For each file the script generates a new key. A list is then generated containing all the file-paths with their respective…
joop s
  • 93
  • 4
1
vote
1 answer

Knowing pre-encryption data, can we find the private key CryptoWall used?

I'm just repurposing a question already asked about Cryptolocker for CryptoWall: "If we know exact contents of some of the files prior to them being encrypted, would it be feasible to use those files to discover the private key?" There's an answer…
MikeM
  • 19
  • 1
1
vote
0 answers

Encryption scheme with variable and provable key-length

I'm currently studying the possibility of a novel ransomware technique, where an adversary instead of forcing the victim to pay a ransom, forces them to brute force a key of given length and thus spend a lot of computational power. However before…
0
votes
2 answers

Hash Comparison to Detect Ransomware File Encryption

As detailed in a separate question, I thought I had a way to detect the type of ransomware that encrypts files silently, and then decrypts them on the fly, so as to prevent the user from realizing that the files have been encrypted. I thought that a…
Ray Woodcock
  • 193
  • 7
0
votes
1 answer

Suitable hybrid encryption approach?

I need help for my bachelor thesis. I have a general question regarding hybrid encryption in different ransomware. The hybrid encryption often uses symmetric and asymmetric encryption techniques. During an infection the symmetric key will be…
0
votes
1 answer

Could a quantum computer recover files from ransomware if the attacker doubly encrypted them with RSA-4096?

How would a quantum computer decrypt a file (or find the keys to such a file) if it were encrypted with standard RSA 4096 encryption, but encrypted two times with different keys? The keys are known by only one party. They could be different lengths…
0
votes
1 answer

How to detect what crypto-method is used by Filecoder.Q?

I have 2 different images, one original, and one locked by a malware detected by eset as "Win32/Filecoder.Q". How to detect the encryption method that is used and the key, that is not using any public key/rsa/rc4 algorithm. There is diff: If…
0
votes
1 answer

Help with RSA-2048 crypto ransom virus

The RSA-2048 Crypto Ransom Virus has devastated me. I tried the backup method, the previous version, the Shadow Explorer; it deleted all my restore points. It took out 5 HDs and my USB pen that happened to be plugged in; everything is encrypted,…