TeslaCrypt Isn't All That Cryptic

citpyrc writes: TeslaCrypt, the latest-and-greatest ransomware branch off of the CryptoWall family, claims to the unwitting user that his/her documents are encrypted with "a unique public key generated for this computer". This coudn't be farther from truth. In actuality, the developers of this malware appear to have been lazy and implemented encryption using symmetric AES256 with a decryption key generated on the user's machine. If any of your machines are afflicted, Talos has developed a tool that can be used to generate the user's machine's symmetric key and decrypt all of the ransomed files.

Does it matter?

[gstoddart]

Since most people who will be subject to ransomware have no way of knowing the mechanics of the encryption (or wouldn't be able to access it anyway) ... does that they lied about their super secret crypto make a damned bit of difference?

Most people would care more about blocking whatever vector for this crap is causing it instead of the technical details of the crypto.

Re:

[sribe]

Since most people who will be subject to ransomware have no way of knowing the mechanics of the encryption (or wouldn't be able to access it anyway) ... does that they lied about their super secret crypto make a damned bit of difference?

Well... IF the tool becomes widely-enough known, that when a victim goes looking for some tech to help them, then it could be very useful. As opposed to real public/private key encryption where no one could legitimately help them.

I doubt this will happen; I doubt the tool will be utilized; but it's at least been made possible now. (And of course, new versions of the malware will keep popping up...)

Re:

[monkeyzoo]

The malware authors will surely upgrade their crypto tech now. Cat and mouse game...

Re:Does it matter?

[Penguinisto]

Correction - *some* malware authors will update their kit.

The script kiddies will continue using whatever they can find, and most malware authors will happily (and TBH, justifiably) rely on general user ignorance to get what they want.

Consider it a parallel to those gawdawful stupid "You're about to get sued" phone scams. Everybody knows they're scams, yet enough ignorant/scared people take the bait to still make it worthwhile.

Re:

[wallsg]

Consider it a parallel to those gawdawful stupid "You're about to get sued" phone scams. Everybody knows they're scams, yet enough ignorant/scared people take the bait to still make it worthwhile.

It's actually beneficial to the scammers that the scams are so transparent. Those who will eventually figure it out and stop before paying any money drop out right away, leaving only the truly gullible for the scammers to devote real effort to.

Re:

[SuricouRaven]

"general user ignorance"

It's worked for the last ten thousand years. No reason to expect it to change any time soon. Target enough people, you'll find someone who falls for it. Computers just take the leg-work out.

Re:

[Khyber]

If the tool becomes widely-known the first thing that ransomware author will do is change the encryption method, if they're even half-intelligent, making the tool absolutely moot.

Re:

[Kjella]

Since most people who will be subject to ransomware have no way of knowing the mechanics of the encryption (or wouldn't be able to access it anyway) ... does that they lied about their super secret crypto make a damned bit of difference?

Well, I wouldn't bother to start poking at it but I would at least search online if there's a workaround if I managed to get hit with a cryptolocker. So by publicly announcing this tool a few may be helped, isn't that good enough? I didn't bother to read TFA but I imagine it came for "free" looking for the malware's infection vector/hiding techniques/C&C central/whatever so there's no reason to complain about a lucky break.

Re:Does it matter?

[ledow]

Anyone with a brain:

Would you trust the guys that infected your system, removed your access to files, ransomed the decryption key from you etc. to correctly - and perfectly - restore your untouched data?

Because, I know I wouldn't. Not without hashes of pre-infected data that I could trust, on some untouched backup device, to compare against. And then the restoration, comparison and cleanup operation is actually worse than just restoring to pre-infection backups.

You have to think of this. These people put a virus on your system that locked your files away. And you're "trusting" them to not only restore those files but to do so without introducing further infection vectors in the process. What's to say that their decrypt / encrypt routine isn't just a smokescreen to infect all your files with something else en-route? Or that they've not just done it to delay you realising that they now have that document you had with all your passwords in it...

If you're victim to ransomware, there are two options:

- You have no backups, the data wasn't important enough for a GBP50 device and you pressing the button once a month, so you've not lost anything of major value by not paying the ransom.
- You have virtually-full, verified backups just over there anyway and would have to perform all kinds of integrity checks to ensure the ransomed data is clean.

The option of "pay ransom" is really a sign that you've failed yourself (and your customers, if you're a business). You can't stop data exposure, but to have to pay to get your data back, that's just stupidity on your part.

As such, blocking the infection vector is infinitely more important than anything else, and then taking a good backup on a regular basis is second on the list. Anything else is very much bottom of the list.

What scares me most about ransomware is not the encryption, or the ransom, or the difficulty of decryption (once that data is compromised, it's gone, it's as simple as that). It's purely that it means a system-level restore of your PC / network, and that you had a hole somewhere whereby it could wreak that kind of havoc.

Re:

[freeze128]

The whole point of ransomware is that you PAY MONEY to get your files back. If there was any chance that the victim didn't believe that you would return all the data, then they would not pay. If one person paid the ransom and then found that not all the files were returned, or that something else was affected as you suggest, then word of mouth and rumors would spread about that particular strain of ransomware, and then NOBODY would pay the ransom.... They would all just restore from backups (which is ideall

Re:Does it matter?

[j2.718ff]

If there was any chance that the victim didn't believe that you would return all the data, then they would not pay.

I'm not so sure of that. As a victim, you are aware that you have about 0% chance of getting your data back if you don't pay the ransom (unless you had a good backup setup somewhere). So you pay because you believe your data is important enough to justify the risk. This is similar (though nowhere near the same level) as someone demanding a random because they kidnapped your child. You already are well-aware that they are not trustworthy, but you really don't see an alternative.

Now, I do agree with your other point. If news was out that people paying the random did not get their data back, then I'm sure a smaller percentage of victims would be paying. But some would still pay, because their data is important enough to them that they hold on to that small hope that they might get it back.

Re:

[someoneOtherThanMe]

And this is why I regularly back up my two sons!

Re:

[retchdog]

uh, since ransom malware generally isn't targeted, that doesn't make a lot of sense. the line you're referencing is that once you pay the danegeld, you never get rid of the dane.

malware is more of a "stumbling into a pit full of spikes" thing than a "village being raided by vikings" thing.

Re:Does it matter?

[mlts]

It isn't that simple. Some ransomware variants will find the backup device (external hard drive, NAS share, etc.) and zero those out. In fact, if the hard disk is encrypted, malware can just zero out the locations where the volume encryption key is stored, then dismount the drive.

Other variants will encrypt files, but will transparently allow access them until a point and time where it zeroes out the decryption key and puts up the ransom dialog. This makes backup utilities like Mozy and Carbonite ineffective since they may not have a usable copy.

For effective backups, one needs a backup server that pulls backups from clients, so malware cannot tamper with already stored files on the server side. However, outside of larger enterprises that use NetBackup on desktops, this isn't something that is often done. On a small scale, one can use Windows Server 2012 R2 Essentials, Retrospect, or a file share from all clients which is mounted by the backup server to copy documents off.

One also needs to keep good backups since the scrambled files might be around for a long time without someone knowing that they were tampered with. This requires multiple backup rotations and data lifetimes (again something only really found in enterprise-grade backup programs.)

Re:

[Anonymous Coward]

Some ransomware variants will find the backup device (external hard drive, NAS share, etc.) and zero those out.

But you contradict yourself.

Neither an external hard drive or NAS share is a backup solution, it is instead nothing more than a copy.
A client PC should not be able to reach the backup device. The backup device reaches out to the PC.

Of course an online backup device being just another system on the LAN means if your client PC is penetrated, the attacker has network level access to the LAN just like your PC does, and could potentially exploit other non-related vulnerabilities in the backup device to take cont

Re:

[gl4ss]

if the backups don't go back long enough, it doesn't matter if the backup device fetches the data or if the data is pushed to the device.

besides, all cheap backup hd's etc with a simple button, or cheap nas backup devices, do the pushing in software on the host pc...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Zontar_Thing_From_Ve]

Anyone with a brain:

Would you trust the guys that infected your system, removed your access to files, ransomed the decryption key from you etc. to correctly - and perfectly - restore your untouched data?

Because, I know I wouldn't.

I understand your point, but in the case of individuals, most non-techies are often too embarrassed to ask a technical person for help in such situations, so they just pay and hope for the best. In the case of businesses, I can tell you as someone who works in IT for a Fortune 500 company and has to deal with IT staff in much smaller companies on a regular basis, smaller companies often don't have the best IT people. A lot of times I see that small companies just hire whoever they can get for the bottom t

Re:

[firewrought]

Would you trust the guys that infected your system, removed your access to files, ransomed the decryption key from you etc. to correctly - and perfectly - restore your untouched data?

Yes, I would. The original authors have (1) the most technical experience with their particular product and (2) strong financial incentive to provide a "good" extortion experience. By contrast, Talos is working from what they can reverse engineer, and they may not be aware of all variants/quirks of the malware.

Blocking the infection vector is infinitely more important than anything else.

They've already owned your machine with the payload of their choosing, and it's probably even self-updating. While I wouldn't exactly trust the malware folks to leave your machine clean, they alrea

Re:

[gstoddart]

Would you trust the guys that infected your system, removed your access to files, ransomed the decryption key from you etc. to correctly - and perfectly - restore your untouched data?

Of course I wouldn't trust them. I don't trust anybody.

But my distrust starts at the front door, and I wouldn't have likely trusted whatever vector leads to this stuff ... because I've learned not to trust the internet at all. Or at least to not give it access to my machine and click on stuff embedded in web pages.

But the peo

Re:

[mlts]

You know what you are doing. Ransomware makers don't prey on the Slashdot crowd. In general, people here are well inoculated from malware, just because we tend not to run files from the Web, our Web browsers are well sandboxed (or run in a VM), and if someone calls up and demands we run software to "fix our Windows box", the response will make the caller's brain ooze out their ears.

However, most people on the Net don't. They go to a pr0n site, and get presented with "you must download this application in

Reality: small companies will pay up...

[bradley13]

"The option of "pay ransom" is really a sign that you've failed yourself (and your customers, if you're a business). You can't stop data exposure, but to have to pay to get your data back, that's just stupidity on your part."

The victims of ransomware are companies too small to have a full-up IT department. Since lots of /.ers are in the US, look at the stats on company size [census.gov]. The vast majority of companies have fewer than 10 employees. Those are the companies where the IT was probably set up by a friend or n

Further from the truth

[wonkey_monkey]

This coudn't be farther from truth.

That should be probably further, but anyway, c'mon, it could be a lot further from the truth. They could have claimed to have encrypted the documents using a slice of lemon wrapped around a hamster.

a unique public key generated for this computer

So the only thing wrong with that sentence is the word "public," isn't it? That doesn't sound very far from the truth.

(in fact the screenshot shows the text also says "RSA-2048")

In actuality, the developers of this malware appear to have been lazy and implemented encryption using symmetric AES256 with a decryption key generated on the user's machine.

Whadya mean, "decryption key"? It's the same key! That's the whole point of the story!

Re:Further from the truth

[monkeyzoo]

They could have claimed to have encrypted the documents using a slice of lemon wrapped around a hamster.

The problem with hamster-based encryption is the animal rarely survives the XOR process.

[Nice username.] =)

Re:Further from the truth

[jratcliffe]

The problem with hamster-based encryption is the animal rarely survives the XOR process.

[Nice username.] =)

Actually, that's not that hard. Getting a slice of hamster is pretty straightforward. It's unslicing the lemon that's challenging.

Re:

[Anonymous Coward]

I encrypt everything with asymmetric ROT-13, you insensitive clod!

Re:

[fishybell]

I prefer to encrypt everything with RND-10: rounding each byte to the nearest base-10 number. Decryption is left as an exercise for the user.

Re:

[Woeful Countenance]

That should be probably further, but anyway, c'mon, it could be a lot further from the truth. They could have claimed to have encrypted the documents using a slice of lemon wrapped around a hamster.

I had exactly the same two thoughts, which probably should be frightening to both of us. Except that I thought it would be further from the truth to say they had encrypted without actually doing any encrypting at all. (I've also been reading about string theory, so now I'm trying to picture a six-dimensional Calabi-Yau hamster wrapped by a lemon slice.)

Excessively exaggerated hyperbole is the greatest threat the human species has ever faced.

Re:Further from the truth

[Dr_Barnowl]

It doesn't make the right emphasis

Should be "a symmetric key generated from details of the user's machine".

It's a design trade-off.

Their method means they don't have to maintain a repository of the keys that their infected machines have generated. They don't need a server receiving key transmissions, which means no server to attack, and also means their software is simpler, fewer moving parts, less to go wrong.

Unfortunately it suffers from the same problems as consumer media DRM - the user has both the encrypted data, and everything they need to generate the decryption key, it's just the algorithm that's "private". Security though obscurity.

Re:

[Trouvist]

Does this mean that the ransomware is protected by the DMCA, so by releasing this decryption tool, the researchers are circumventing the DRM protections put in place to secure the data? I realize it's during the commision of a crime, but nonetheless, is the ransomware protected?

Re:

[Anonymous Coward]

As I understand it, the Supreme Court has ruled that the DMCAs wording is specific in that breaking DRM is only illegal when the purpose of that DRM is to protect IP.

I would suspect that the ruling likely wouldn't hold that DRM meant to protect IP that the IP owner doesn't want protected would not be illegal, but I can't be certain of that.

Yeah! For lazy Malware authors!

[goochman]

I predicted this when the first Instance of Cryptolocker came out. Unfortunately a new form of anti-virus will be post mortem decryption. I really don't want people to pay norton/mcafee for these kind of services (But it beats paying the bad guys)

Good job, Talos!

[Mirar]

Great that someone is providing tools to counter this plague...

Backups

[WoodburyMan]

Who cares when you have backups. I've had one family relative, and a system on my network get infected. First had backups of important stuff, latter took out a few thousand folders on our network, which our backup solution recovered in an hour. We have backups daily for 8 weeks or more that can restore in as long as it takes to transfer, something around 300mbyte/s.

That level of "quality" is industrial standard

[gweihir]

One of the things I do for a living is review use of crypto in applications. The level of understanding "TeslaCrypt" demonstrates of how to use crypto right is industrial standard. Most developers are entirely clueless what it takes to use crypto securely. That you can now do crypto in the browser using JavaScript makes things worse, and takes the crown of incompetence from the average Java programmer. People then use all sorts of big terminology to justify their broken solutions like "secure browser sandbo