07.26.06 Tougher Crypto Seen In Ransomware
By David A. Utter
Early attempts to extort money from people victimized by viruses that cannot be defeated without a key have grown in sophistication, with tougher encryption being employed.
Part of the latest report from Kaspersky Labs, "Malware evolution: April - June 2006," discussed several aspects of the growing problem of malicious attacks on computer users. Multiple issues with Microsoft Office have been cited, along with the increasing threat from ransomware.
A machine infected by a piece of ransomware, like the Gpcode virus that Kaspersky Labs senior virus analyst Alexander Gostev cited in the report, has certain files and possibly even email databases locked up in a password-protected file. To break the encryption, the victim is instructed to pay for a decoder file.
Kaspersky has dealt with an ever-growing level of encryption by the writer of Gpcode. Gostev noted how this has transpired in the report:
In June, the Russian segment of the Internet was attacked by a new version of Gpcode, but this time a 260 bit key was used. However, this longer key didn't cause problems for our analysts, who were able to crack it in less than 5 minutes.
Gpcode's author responded to the cracking of the 260 bit key by releasing yet another variant. This time the stakes were raised with a 330 bit key, and this appeared to have some antivirus companies beaten. However, Kaspersky Lab analysts managed to crack the key in less than 24 hours.
On 7th June 2006, Gpcode.ag was downloaded to thousands of Russian computers from an infected site. This latest variant used a 660 bit key, the longest key which has ever been broken. According to estimates, it would take at least 30 years using a 2.2 GHz computer to break such a key.
Despite the length of the new key, Gostev wrote that Kaspersky analysts were able, with some luck, to crack this new variant in one day.
Gpcode's creator has used social engineering to entice people to open an infected document and trigger the infection. Gostev thinks the difficulty of breaking future ransomware schemes will only increase as those attackers implement longer encryption keys.
Users can steer away from such attacks by not opening documents from untrusted sources, and backing up important data regularly. If a ransomware attack should take place, backup copies of data can replace those trapped by the virus until a fix has been distributed to negate the threat.
About the Author: David Utter is a business and technology writer with WebProNews.