Ransomware may become unfixable
July 24, 2006
Quentin Reade

Surfer Hackers may soon be able to make ransomware so complex that it is beyond the decryption capabilities of the anti-virus industry, according to a new report.

The report, Malware Evolution: April – June 2006, Hidden Wars, warns that authors of ransomware are pushing the boundaries of modern cryptography by using ever-more sophisticated encryption algorithms.

Ransomware involves the use of malicious code to hijack user files, encrypt them and then demand payment in exchange for the decryption key. The first piece of ransomware to use a sophisticated encryption algorithm, Gpcode.ac, was detected in January 2006 and used the RSA algorithm to create a 56-bit key. Since then, the author of Gpcode has released several increasingly complex variants of the virus and in June released Gpcode.ag, which used a 660-bit key.


According to Aleks Gostev, senior virus analyst, Kaspersky Lab, authors of the report: “We were able to decrypt 330 and 660-bit keys within a reasonably short space of time, but a new variant, with a longer key, could appear at any time. If RSA, or any other similar algorithm which uses a public key, were to be used in a new virus, anti-virus companies might find themselves powerless, even if maximum computing power was applied to decrypting the key.


“Unfortunately, the authors behind the Gpcode, Cryzip, and Krotten ransomware are still free. However, even if they are arrested, there's nothing to prevent other malicious users from implementing such techniques in order to make money,” Gostev said.


“In the mean time, anti-virus companies have to continue working on proactive protection which will make it impossible for malicious users to encrypt or archive users' data.”


Kaspersky Lab advises that all documents, data and email databases are backed up on a regular basis.

Source: WebUser