  • Locked thread
Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I expected that it would generate a symmetric key, encrypt that symkey with the attacker's pubkey, encrypt the data with the symkey, and pop the alert. To unlock it sends the encrypted key to the C2 server which then gives back the symkey if payment has been rendered.

But the assertion was that the decryption key was never outside the attacker's server, which I think means there can't be a symmetric key involved. Otherwise dumping the process memory would let you recover the key without paying the ransom.

Being slow is probably OK, though.


Khablam
Mar 29, 2012

You might all be overthinking this. It is RSA, which is asymmetric. It's essentially like using PGP, HTTPS etc where you can give someone your public key with no expectation of secrecy. It can only be used to encrypt the data. You on the other hand have the private key (generated as a pair), which is what you use to decrypt it.

The server just makes a pair, ships the public key, and the exe just runs it against your files until it's done. The speed is about "as fast as your HDD can read+write" whilst maintaining a relatively low CPU footprint.

There's no computational way to recover the private key which doesn't leave "heat death of the universe" as more likely to occur first.

e:

If it's AES over RSA then it probably works like SSL encryption, where it's the actual symmetrical key itself that is exchanged/protected via RSA and the actual file-level encoding is done via AES. Either way, no part of your computer, drive, RAM or CPU actually sees (or needs to see) the private key to encrypt the data. This is completely essential for asymmetric encryption to work at all (and for HTTPS to exist) as you would simply be able to sniff it being exchanged otherwise. MITM attacks are necessary for this reason.

Khablam fucked around with this message at 23:02 on Jun 22, 2015

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Khablam posted:

If it's AES over RSA then it probably works like SSL encryption, where it's the actual symmetrical key itself that is exchanged/protected via RSA and the actual file-level encoding is done via AES. Either way, no part of your computer, drive, RAM or CPU actually sees (or needs to see) the private key to encrypt the data.

This is categorically false. If the cipher used to encrypt the file is symmetric, like AES, then the decryption key is identical to the encryption key, and the computer simply must have access to the encryption key in order to encrypt. That characteristic of symmetric ciphers is what motivated the developing of public-key cryptography, really.

PGP uses an asymmetric cipher to protect a symmetric key similarly to an SSL key exchange, because asymmetric crypto is (was?) too expensive to use on arbitrarily-large cleartext. That expense is what led to my initial question, since afaik it's the only alternative to the decryption key being resident on the victim computer.

pr0zac
Jan 18, 2004

~*lukecagefan69*~


Pillbug

Khablam posted:

You might all be overthinking this. It is RSA, which is asymmetric. It's essentially like using PGP, HTTPS etc where you can give someone your public key with no expectation of secrecy. It can only be used to encrypt the data. You on the other hand have the private key (generated as a pair), which is what you use to decrypt it.

The server just makes a pair, ships the public key, and the exe just runs it against your files until it's done. The speed is about "as fast as your HDD can read+write" whilst maintaining a relatively low CPU footprint.

There's no computational way to recover the private key which doesn't leave "heat death of the universe" as more likely to occur first.

e:

If it's AES over RSA then it probably works like SSL encryption, where it's the actual symmetrical key itself that is exchanged/protected via RSA and the actual file-level encoding is done via AES. Either way, no part of your computer, drive, RAM or CPU actually sees (or needs to see) the private key to encrypt the data. This is completely essential for asymmetric encryption to work at all (and for HTTPS to exist) as you would simply be able to sniff it being exchanged otherwise. MITM attacks are necessary for this reason.

You do not understand how RSA works and should probably stop posting as if you do.

Khablam
Mar 29, 2012

Subjunctive posted:

This is categorically false. If the cipher used to encrypt the file is symmetric, like AES, then the decryption key is identical to the encryption key, and the computer simply must have access to the encryption key in order to encrypt. That characteristic of symmetric ciphers is what motivated the developing of public-key cryptography, really.

PGP uses an asymmetric cipher to protect a symmetric key similarly to an SSL key exchange, because asymmetric crypto is (was?) too expensive to use on arbitrarily-large cleartext. That expense is what led to my initial question, since afaik it's the only alternative to the decryption key being resident on the victim computer.

Eh my post is the victim of editing in 3 different answers. Everything I've seen about these ransomware viruses suggests it's RSA encryption at 2048. With RSA encryption on encrypt though, it doesn't suffer the crippling performance issues you get with decryption - I assume they only care about the encrypt time?
You're right, I assume if AES were actually involved someone would have written a program for reading memory dumps for the key. RSA/AES hybrids assume the host machines are trusted. With previous generations (cryptolocker) a tool to decrypt was only made possible after the servers were raided, and private keys recovered.

pr0zac
Jan 18, 2004

~*lukecagefan69*~


Pillbug

Khablam posted:

Eh my post is the victim of editing in 3 different answers. Everything I've seen about these ransomware viruses suggests it's RSA encryption at 2048. With RSA encryption on encrypt though, it doesn't suffer the crippling performance issues you get with decryption - I assume they only care about the encrypt time?
You're right, I assume if AES were actually involved someone would have written a program for reading memory dumps for the key. RSA/AES hybrids assume the host machines are trusted. With previous generations (cryptolocker) a tool to decrypt was only made possible after the servers were raided, and private keys recovered.

You do not understand how RSA works and should probably stop posting as if you do.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Khablam posted:

Eh my post is the victim of editing in 3 different answers. Everything I've seen about these ransomware viruses suggests it's RSA encryption at 2048. With RSA encryption on encrypt though, it doesn't suffer the crippling performance issues you get with decryption - I assume they only care about the encrypt time?
You're right, I assume if AES were actually involved someone would have written a program for reading memory dumps for the key. RSA/AES hybrids assume the host machines are trusted. With previous generations (cryptolocker) a tool to decrypt was only made possible after the servers were raided, and private keys recovered.

You sound like you've been reading up on Wikipedia.

Of course the malware is going to use an asymmetrical cipher. Most of these file encrypting malware work silently and only alert you once it has completed its task. There is no need to necessarily worry about performance but if you must then yes the process to encrypt using an asymmetrical cipher like RSA is substantially faster than the decryption process due to the need to compute large numbers in order to initiate the process. I won't elaborate further but if you had spent enough time on Wikipedia like you did earlier, you'd already know this and wouldn't need to spout this off.

The idea that it would store an AES key somewhere in memory to encrypt files "like SSL" means that not only do you know absolutely nothing about malware (as evident in another thread), but how encryption can be properly implemented safely and adequately. I don't care to admit that I am a crypto expert (I am not), but what I will tell you is that it is people like you that make my job a pain in the rear end. I kindly suggest that you help people set up Microsoft Outlook or give tips on how to succeed at League of Legends instead of mouthing off opinions about security as if you have any clue.

Lain Iwakura fucked around with this message at 02:33 on Jun 23, 2015

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

So, uh, does anyone actually know the crypto mechanics of these things?

Mustache Ride
Sep 11, 2001



Yeah, the payload is delivered by an exploit kit (the most popular one I've seen is called Neutrino), and once the payload has been deployed it calls back to a command and control server to request a unique AES-256 public key for that machine. There have been different encryption methods in the past, but the more recent actors have been using AES. Then that public key is used by the payload to search out specific file extensions and encrypt them with the unique AES key.

A countdown then begins and 72 to 96 hours later the popup shows. If you pay the $300 or whatever the private key is delivered to the payload and your encrypted files are decrypted and returned to normal. All of this is based around the computer's ability to call back to the C2 server, and that server generates the unique AES key.

We've been successful in blocking it by using OpenDNS to help identify and catch the C2 server domains.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Mustache Ride posted:

Yeah, the payload is delivered by an exploit kit (the most popular one I've seen is called Neutrino), and once the payload has been deployed it calls back to a command and control server to request a unique AES-256 public key for that machine. There have been different encryption methods in the past, but the more recent actors have been using AES. Then that public key is used by the payload to search out specific file extensions and encrypt them with the unique AES key.

A countdown then begins and 72 to 96 hours later the popup shows. If you pay the $300 or whatever the private key is delivered to the payload and your encrypted files are decrypted and returned to normal. All of this is based around the computer's ability to call back to the C2 server, and that server generates the unique AES key.

We've been successful in blocking it by using OpenDNS to help identify and catch the C2 server domains.

An "AES-256 public key"? AES is a symmetrical cipher. You're being just as bad as Khablam and shouldn't talk about encryption either.

treasured8elief
Jul 25, 2011

Salad Prong
So what I'm getting is, if AES is used for their encryption, there's no real reason I shouldn't be able to restore my files? I don't know much about encryption but most articles I read online mentioned using RSA as their encrypter, and I feel like using AES to encrypt, instead of a public key, is like a thankfully weird flaw if true.

I definitely want to poke around with it to be sure, but I won't be able to do so for a few weeks, I'm sorry. If no one minds, I'll update with anything I find when I do so.

treasured8elief fucked around with this message at 15:17 on Jun 23, 2015

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

tentative8e8op posted:

So what I'm getting is, if AES is used for their encryption, there's no real reason I shouldn't be able to restore my files? I don't know much about encryption but most articles I read online mentioned using RSA as their encrypter, and I feel like using AES to encrypt, instead of a public key, is like a thankfully weird flaw if true.

I definitely want to poke around with it to be sure, but I won't be able to do so for a few weeks, I'm sorry. If no one minds, I'll update with anything I find when I do so.

If AES were being used to encrypt your files then you'd be able to pull the details for the key out of memory if you were to catch it in time. The reason why you'd use an asymmetrical cipher is that you'd keep one of the key pairs remotely so even if the public key were to be found (which isn't hard), it would be useless to your victim because it cannot be used to decrypt the contents. Your odds are in the realm of possibility if they were being loving stupid and used AES to encrypt everything (assuming you got the key out of memory, not bruteforced it), but your odds are near-infinity before you'd decrypt it without knowing the private key pair.

This is why CryptoWall and its ilk are so effective: without a backup you're beholden to the malware writers for that paired key.

Lain Iwakura fucked around with this message at 15:25 on Jun 23, 2015

uPen
Jan 25, 2010

Zu Rodina!
Use one of the cryptolocker/ransomware recovery sites to see if they just so happen to be able to decrypt your stuff and then give up because you're not recovering any data otherwise.

Mustache Ride
Sep 11, 2001



Sorry, not enough coffee yet.

AES is used to encrypt the files locally, but then both the RSA encrypted AES key, as well as the AES encrypted file content together with some additional header information are then written back to the file. Finally it'll log the encrypted file to: HKEY_CURRENT_USER\Software\CryptoLocker\Files

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Thanks, that's exactly what I was interested in.

Does it rotate AES keys by any chance, so that some encrypted files are still locked even if it's caught and a key is extracted from memory?

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Mustache Ride posted:

Sorry, not enough coffee yet.

AES is used to encrypt the files locally, but then both the RSA encrypted AES key, as well as the AES encrypted file content together with some additional header information are then written back to the file. Finally it'll log the encrypted file to: HKEY_CURRENT_USER\Software\CryptoLocker\Files

Yes.

https://kc.mcafee.com/resources/sit..._Cryptowall.pdf

quote:

The malware uses an AES algorithm to encrypt the files. The malware first generates a 256-bit AES key which will be used to encrypt the files. In order to be able to decrypt the files, the malware author needs to know that key. To avoid transmitting the key in clear text, the malware will encrypt it using an asymmetric key algorithm, namely the RSA public/private key pair.

This newly generated AES key is encrypted using the unique RSA public key created by the malware author and present in the malicious executable. This encrypted key is then submitted to the C&C server. The only way to recover the key after the malware finishes executing is by having the RSA private key associated with the public key used. This key is only known to the malware author, and is never transmitted via the network or present in the infected machine. Hence, it’s impossible to recover the user’s encrypted files without that key after they have been infected.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Subjunctive posted:

Thanks, that's exactly what I was interested in.

Does it rotate AES keys by any chance, so that some encrypted files are still locked even if it's caught and a key is extracted from memory?

Let's in theory say you could, this would require that you know it's running to reverse it. It would be a simple party trick and nothing more. You wouldn't know it's running until it's too late, that is the point of it.

Mustache Ride
Sep 11, 2001



The one I pulled apart created a new AES key for each file it encrypted.

treasured8elief
Jul 25, 2011

Salad Prong
Thank you!

treasured8elief fucked around with this message at 15:55 on Jun 23, 2015

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

pixaal posted:

Let's in theory say you could, this would require that you know it's running to reverse it. It would be a simple party trick and nothing more. You wouldn't know it's running until it's too late, that is the point of it.

I don't think it's uncommon for it to be detected in progress due to file server overload or similar, but I don't have personal experience with it.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

In fact, this subthread started with someone saying they'd dumped the process in question, I think.

Khablam
Mar 29, 2012

OSI bean dip posted:

You sound like you've been reading up on Wikipedia.

Of course the malware is going to use an asymmetrical cipher [....] The idea that it would store an AES key somewhere in memory to encrypt files "like SSL" means that not only do you know absolutely nothing about malware (as evident in another thread), but how encryption can be properly implemented safely and adequately

Have you even noticed that you've contradicted yourself in your never ending urge to be a pedantic shitler every time I make a post? At first I'm a complete idiot for thinking it was probably using RSA for key exchanges and running AES locally, but then here you are posting a tear-down where it's doing exactly that. Good stuff all around.

I mean keep projecting your frustrations on to me I guess, but the point was always whether it used asymmetric or symmetric encryption on the file contents themselves and it's most likely that we're all wrong and all right, because different variations (likely) approach this in different ways (cryptolocker variants are still around and use RSA-2048 ... unless that documentation suffers the same issues). You also have the problem of various 'authorities' interchanging terms worse than anyone ITT meaning the level of effort involved in concluding which is which goes outside the bounds of the original question. Heck, in cryptolocker samples I ran it will itself say "AES256" in one place and "RSA-2048" in another, both in referring to the encryption of the file contents.

The variations that use AES on file contents seem to generate keys per file, version dependent, which is a neat way of walking around the problems of symmetric encryption if you're using it this way.

I get that you're a pointless pedant with a stick up your rear end, so I can't say "like SSL" without you frothing at the mouth about it. But when someone prefaces their question with "I don't know much about crypto" it's not a bad idea to reference it back to the only two asymmetric cryptographic protocols most people know about, which is HTTPS and PGP - both / either of which they've probably seen an explanation of which explains private/public key pairs. That an SSL handshake and key generation for cryptowall/locker are different in practice isn't really relevant unless someone wants to go read up how both/either work themselves, and running on for 100's of words saying "see the dirty Russian server that wants your bitcoins is basically the user in this diagram and you're the server and the CA is a random salt from somewhere probably your system time and ...." really doesn't help anyone.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Khablam posted:

But when someone prefaces their question with "I don't know much about crypto"

Who said that? I have a pretty decent grounding in crypto, I was asking about the details of the mechanism and key management.

Both PGP and HTTPS lack the property of keeping the decryption key off of the encrypting computer, which was the assertion to which I was responding in the first place.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Khablam posted:

Have you even noticed that you've contradicted yourself in your never ending urge to be a pedantic shitler every time I make a post? At first I'm a complete idiot for thinking it was probably using RSA for key exchanges and running AES locally, but then here you are posting a tear-down where it's doing exactly that. Good stuff all around.

I mean keep projecting your frustrations on to me I guess, but the point was always whether it used asymmetric or symmetric encryption on the file contents themselves and it's most likely that we're all wrong and all right, because different variations (likely) approach this in different ways (cryptolocker variants are still around and use RSA-2048 ... unless that documentation suffers the same issues). You also have the problem of various 'authorities' interchanging terms worse than anyone ITT meaning the level of effort involved in concluding which is which goes outside the bounds of the original question. Heck, in cryptolocker samples I ran it will itself say "AES256" in one place and "RSA-2048" in another, both in referring to the encryption of the file contents.

The variations that use AES on file contents seem to generate keys per file, version dependent, which is a neat way of walking around the problems of symmetric encryption if you're using it this way.

I get that you're a pointless pedant with a stick up your rear end, so I can't say "like SSL" without you frothing at the mouth about it. But when someone prefaces their question with "I don't know much about crypto" it's not a bad idea to reference it back to the only two asymmetric cryptographic protocols most people know about, which is HTTPS and PGP - both / either of which they've probably seen an explanation of which explains private/public key pairs. That an SSL handshake and key generation for cryptowall/locker are different in practice isn't really relevant unless someone wants to go read up how both/either work themselves, and running on for 100's of words saying "see the dirty Russian server that wants your bitcoins is basically the user in this diagram and you're the server and the CA is a random salt from somewhere probably your system time and ...." really doesn't help anyone.

If you clued into what I wrote you'd notice I didn't contradict myself. But that's okay, I am not going to argue with someone who thinks it works "like SSL".

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Since we're on a short side-bar discussing crypto, can someone point me to a good description of the differences between PGP and AES? My Google-fu is failing me, and the Wikipedia articles aren't helping.

Space Gopher
Jul 31, 2006

BLITHERING IDIOT AND HARDCORE DURIAN APOLOGIST. LET ME TELL YOU WHY THIS SHIT DON'T STINK EVEN THOUGH WE ALL KNOW IT DOES BECAUSE I'M SUPER CULTURED.

Ynglaur posted:

Since we're on a short side-bar discussing crypto, can someone point me to a good description of the differences between PGP and AES? My Google-fu is failing me, and the Wikipedia articles aren't helping.

AES is a specific symmetric encryption algorithm, the "advanced encryption standard" (as opposed to the Cold War era DES - "data encryption standard"). It's fast and thought to be quite secure. However, it depends on a pre-existing shared secret, so it's not useful for public key cryptography by itself. One common approach to this problem is to encrypt the message itself with AES (or another fast symmetric cypher) and then encrypt the AES key, which is comparatively tiny, with the much slower public key method. To read the encrypted message, the receiver decrypts the AES key with their private key, then uses the AES key to decrypt the actual message. This two step operation gets you speed on the big operation (encryption of your actual message) with public key functionality.

PGP is a program which implements this strategy, although I don't think it's ever used AES. PGP was a huge deal when it was released for free in 1991. Previously, encryption software was either a closely held government secret, or an astoundingly expensive (and likely broken) commercial product. Anybody could download PGP and get NSA-grade encryption, in a fairly simple user interface that kept the details of the two-step process under the hood. This led to all kinds of political battles, including an arms-control investigation of its original programmer (who had, ironically, written it in support of anti-nuclear activism). These days, PGP isn't used that much anymore as a standalone product, but you can trace a direct line from PGP to online credit card transactions and easy-to-use full disk encryption at the OS level.
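
The two-step scheme Space Gopher describes above, as an added example that is not part of the original thread: a fresh symmetric key encrypts the message body and the receiver's public key wraps that key. To run on the Python standard library alone it substitutes textbook RSA over two Mersenne primes and a SHA-256 keystream for real RSA-OAEP and AES, so it shows which key lives on which machine, not a secure construction; all names are this example's own.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: Mersenne primes give a trivially factorable
# modulus, and raw RSA without OAEP padding is not safe for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
KEY_LEN = 32


def make_keypair():
    """Receiver: the public half is handed out, the private half never leaves."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def keystream_xor(key, nonce, data):
    """Stand-in for AES-CTR: XOR data with SHA-256(key | nonce | counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def subkeys(session_key):
    """Derive separate encryption and MAC keys from the session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())


def seal(public, plaintext):
    """Sender: needs only the public key, but holds the session key in memory."""
    n, e = public
    session_key = secrets.token_bytes(KEY_LEN)  # fresh key for every message
    enc_key, mac_key = subkeys(session_key)
    nonce = secrets.token_bytes(16)
    body = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Once session_key goes out of scope, only the wrapped copy remains.
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body, "tag": tag}


def open_envelope(private, envelope):
    """Receiver: unwrap the session key with the private key, then decrypt."""
    n, d = private
    m = pow(envelope["wrapped_key"], d, n)
    if m >= 1 << (8 * KEY_LEN):
        raise ValueError("unwrap failed: wrong private key")
    enc_key, mac_key = subkeys(m.to_bytes(KEY_LEN, "big"))
    expected = hmac.new(mac_key, envelope["nonce"] + envelope["body"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("authentication failed: wrong key or modified envelope")
    return keystream_xor(enc_key, envelope["nonce"], envelope["body"])


if __name__ == "__main__":
    pub, priv = make_keypair()
    env = seal(pub, b"constructed sample message")
    print(open_envelope(priv, env))
```
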

Khablam
Mar 29, 2012

Subjunctive posted:

Who said that? I have a pretty decent grounding in crypto, I was asking about the details of the mechanism and key management.

Both PGP and HTTPS lack the property of keeping the decryption key off of the encrypting computer, which was the assertion to which I was responding in the first place.

Subjunctive posted:

I don't understand how or why you would use RSA to generate a key for AES, though I'm not really even an amateur cryptographer. By exchange I assume you mean the usual encrypt-symmetric-key-with-asymmetric-cipher sort of bootstrapping protocol?

Yeah in fairness I probably didn't really see your statement in the context of the other posts you'd made but I was mostly replying to the guy who was 'accidentally running' ransomware so..

OSI bean dip posted:

If you clued into what I wrote you'd notice I didn't contradict myself.
I assume your point is simply that both me and the malware authors are idiots, but once again you seem to have some other version of somethingawful.com where my posts are what you want them to be, because I never said what they were doing was a good idea but simply posted a suggestion as to what I thought they were probably doing. Which, turns out to be pretty much what they are doing, depending on which variant you look at.

quote:

But that's okay, I am not going to argue with someone who thinks it works "like SSL"
I agree there's no point picking apart something someone used analogously in order to have a pissing contest about, but here you are being Mr. ~I know best~ despite never really caring to back that up with anything other than circular reasoning relying on your own POV as fact.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Space Gopher posted:

smart and helpful :words: about AES and PGP
Thank you!

mindphlux
Jan 8, 2004

by R. Guyovich
I've encountered a large number of machines over the last 6 months with corrupted .NET 4.0 or 3.5 files, which I'm pretty sure are virus related. My team wastes an inordinate amount of time on fixing these issues, and it usually boils down to copying over known good mscoree.dll or mscorwks.dll files over on top of a hosed up install.

I've been working on a machine no one I work with can figure out tonight, and I'm at my wits end too. Applications that depend on .net 4 crash when you try to install or run them, but for the life of me I can't figure out why. have run all sorts of .net repair programs, copied over files from known good computers, sfc /scannow'd the gently caress out of everything, checked all the logs I know to check - anyone seen malware affecting .net or windows installer like this? could really use a hail mary about now.

omeg
Sep 3, 2012

Bad run of HDDs?

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

mindphlux posted:

I've encountered a large number of machines over the last 6 months with corrupted .NET 4.0 or 3.5 files, which I'm pretty sure are virus related. My team wastes an inordinate amount of time on fixing these issues, and it usually boils down to copying over known good mscoree.dll or mscorwks.dll files over on top of a hosed up install.

I've been working on a machine no one I work with can figure out tonight, and I'm at my wits end too. Applications that depend on .net 4 crash when you try to install or run them, but for the life of me I can't figure out why. have run all sorts of .net repair programs, copied over files from known good computers, sfc /scannow'd the gently caress out of everything, checked all the logs I know to check - anyone seen malware affecting .net or windows installer like this? could really use a hail mary about now.

That sounds unusual and doesn't really seem to exhibit common malware traits--I wouldn't rule it out however. Here's a question though: have you checked the MD5/SHA/whatever sums of what you consider broken to what you know is working? If you can at least narrow down what files are actually getting broken it might be able to help you determine a cause. I wouldn't just look at the two aforementioned files and assume that is the whole story.
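
One way to run the comparison suggested above, as an added example that is not part of the original thread: hash every DLL and EXE under a known-good framework directory and under the suspect one, then list the files that are missing, unexpected, or different. The directory layout and file contents in `demo()` are constructed and the function names are this example's own; the reference machine has to be at the same OS and .NET patch level, otherwise files differ legitimately.

```python
import hashlib
import tempfile
from pathlib import Path

BINARY_SUFFIXES = {".dll", ".exe"}


def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map lower-cased relative path -> SHA-256 for every binary under root."""
    root = Path(root)
    manifest = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in BINARY_SUFFIXES:
            # Windows file names are case-insensitive, so normalise the key.
            rel = path.relative_to(root).as_posix().lower()
            manifest[rel] = hash_file(path)
    return manifest


def compare_manifests(good, suspect):
    """Return the files that are missing, unexpected, or have a different hash."""
    shared = good.keys() & suspect.keys()
    return {
        "missing": sorted(good.keys() - suspect.keys()),
        "unexpected": sorted(suspect.keys() - good.keys()),
        "mismatched": sorted(k for k in shared if good[k] != suspect[k]),
    }


def write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, content in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo():
    """Compare two constructed directory trees standing in for two machines."""
    with tempfile.TemporaryDirectory() as tmp:
        good, suspect = Path(tmp, "good"), Path(tmp, "suspect")
        write_tree(good, {
            "v4/mscoree.dll": b"constructed-content-1",
            "v4/mscorwks.dll": b"constructed-content-2",
            "v4/example_a.dll": b"constructed-content-3",
            "v4/readme.txt": b"ignored, not a binary",
        })
        write_tree(suspect, {
            "v4/MSCOREE.DLL": b"constructed-content-1",          # same file, other case
            "v4/mscorwks.dll": b"constructed-content-2-damaged",  # differs
            "v4/example_b.dll": b"constructed-content-4",         # not on the good box
        })
        return compare_manifests(build_manifest(good), build_manifest(suspect))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```
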

mindphlux
Jan 8, 2004

by R. Guyovich

OSI bean dip posted:

That sounds unusual and doesn't really seem to exhibit common malware traits--I wouldn't rule it out however. Here's a question though: have you checked the MD5/SHA/whatever sums of what you consider broken to what you know is working? If you can at least narrow down what files are actually getting broken it might be able to help you determine a cause. I wouldn't just look at the two aforementioned files and assume that is the whole story.

I'd agree that it doesn't sound like normal malware, but I've seen the problem popping up on multiple machines on this network - and only on this network. Never seen this anywhere else in the wild.

I haven't checked the md5s, but am going onsite to look at this machine this afternoon, maybe i'll give that a shot, if I can identify what DLL is causing the crash.

Edit : no hardware problems I can find, or corruption anywhere else in the OS.

mindphlux fucked around with this message at 19:51 on Jun 27, 2015

uPen
Jan 25, 2010

Zu Rodina!

mindphlux posted:

I'd agree that it doesn't sound like normal malware, but I've seen the problem popping up on multiple machines on this network - and only on this network. Never seen this anywhere else in the wild.

I haven't checked the md5s, but am going onsite to look at this machine this afternoon, maybe i'll give that a shot, if I can identify what DLL is causing the crash.

Edit : no hardware problems I can find, or corruption anywhere else in the OS.

Are the machines running a common software suite? Does one of those pieces of software install a (potentially hosed up) copy of .net?

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
.NET gets corrupted at the drop of a loving hat

mindphlux
Jan 8, 2004

by R. Guyovich

uPen posted:

Are the machines running a common software suite? Does one of those pieces of software install a (potentially hosed up) copy of .net?

yes they are, but I don't think the software is installing a hosed up version of .net. We just upgraded the software office wide, and if there had been any hosed up installs, we would have found them. (we did, there were a couple, but not on this machine in question.)

the weird part is previously, all the .net errors we had gotten were related to this software. This particular one is an entirely different application (quicken 2015) - the software suite I'm referencing is working fine with .net 4, but Quicken is making GBS threads its pants.




argh, still haven't figured this one out.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


mindphlux posted:

yes they are, but I don't think the software is installing a hosed up version of .net. We just upgraded the software office wide, and if there had been any hosed up installs, we would have found them. (we did, there were a couple, but not on this machine in question.)

the weird part is previously, all the .net errors we had gotten were related to this software. This particular one is an entirely different application (quicken 2015) - the software suite I'm referencing is working fine with .net 4, but Quicken is making GBS threads its pants.




argh, still haven't figured this one out.

Could still be a bad .net, or the installer on the server got messed up. Once was pushing out a bad version of Java where only a handful of machines were getting messed up. I ended up making a script to look for which copies were missing the file (it just didn't exist) and copying over a known good copy. This was enough to allow Java to uninstall, so uninstall reinstall, because it was hosed up beyond just that in most cases. I think that brought the broken Java count down to 3 machines that the script just didn't get to. 2 of them were the user unplugging the Ethernet cable when logging in to make it faster to boot. The last 1 was horribly broken and I couldn't get java to run cleanly at all so I threw my hands up and reinstalled windows. I hate Java with a passion, I'm glad it's being forcibly phased out. (It's not, but we should see less new programs and hopefully enough switch that not every computer will need it and need 5 different versions).

BaseballPCHiker
Jan 16, 2006

Has anyone tried using this Tron script yet:
https://github.com/bmrf/tron/
Seems like it could be good for those start it and forget it situations where you can just let it run all day and check back on it later. Was curious to see if anyone has found it to be useful at all, or if it's basically a glorified batch script that just runs a bunch of AV scans in a row.

Speaking of what is the go to free AV to recommend to people these days? I have friends and relatives ask me all the time and I don't know what to tell them now except for watch what you click on and install ublock or something on your browser.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

BaseballPCHiker posted:

Has anyone tried using this Tron script yet:
https://github.com/bmrf/tron/
Seems like it could be good for those start it and forget it situations where you can just let it run all day and check back on it later. Was curious to see if anyone has found it to be useful at all, or if it's basically a glorified batch script that just runs a bunch of AV scans in a row.

Speaking of what is the go to free AV to recommend to people these days? I have friends and relatives ask me all the time and I don't know what to tell them now except for watch what you click on and install ublock or something on your browser.

http://forums.somethingawful.com/showthread.php?threadid=3723583

Read this thread to determine what AV to use.

BaseballPCHiker
Jan 16, 2006


Cool so pretty much watch what you click on and install ublock. That's what I thought, but I know grandma is going to ask me about Norton protecting her eWallet from the hackerz she saw on the news and oh lordy now I got a recipe toolbar.


Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

BaseballPCHiker posted:

Cool so pretty much watch what you click on and install ublock. That's what I thought, but I know grandma is going to ask me about Norton protecting her eWallet from the hackerz she saw on the news and oh lordy now I got a recipe toolbar.

Did you read the part about picking and choosing an AV? It's pretty clear there on how to choose. If you pay for Norton, it's going to be no more effective than if you decide to get McAfee. If you want to save some money, any of the free AVs will do.

All AV is the same and effectively useless.

Get your grandma a Chromebook if you don't want to spend too much time fixing her stuff.
