[Dataloss] [Fwd: Ransomware]
Arshad Noor
arshad.noor at strongauth.com
Mon Jun 9 19:18:55 UTC 2008
Fascinating! Attackers are using encryption to make money (I'm not
sure how they expect not to get traced to the EFTs - but that's a
different subject), while most companies are still sitting on the
fence about data-encryption of customer data.
Arshad Noor
StrongAuth, Inc.
-------- Original Message --------
Subject: Ransomware
Date: Mon, 9 Jun 2008 11:54:20 -0400 (EDT)
From: Leichter, Jerry <leichter_jerrold at emc.com>
To: cryptography at metzdowd.com
Computerworld reports:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818
on a call from Kaspersky Labs for help breaking encryption used by some
ransomeware: Code that infects a system, uses a public key embedded in
the code to encrypt your files, then tells you you have to go to some
web site and pay for the decryption key.
Apparently earlier versions of this ransomware were broken because of a
faulty implementation of the encryption. This one seems to get it
right. It uses a 1024-bit RSA key. Vesselin Bontchev, a long-time
antivirus developer at another company, claims that Kaspersky is just
looking for publicity: The encryption in this case is done right and
there's no real hope of breaking it.
Speculation about this kind of attack has made the rounds for years.
It appears the speculations have now become reality.
-- Jerry
More information about the Dataloss
mailing list