It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Researchers Claim to Unlock Ransomware Encryption

page: 1
10
<<   2 >>

log in

join
share:

posted on Apr, 12 2016 @ 12:16 PM
link   

"One of the nastiest ransomware variants may have been defeated. Two security researchers have reportedly figured out a way to recover access to an encrypted computer without paying an extortion fee."

Source




posted on Apr, 12 2016 @ 12:29 PM
link   
a reply to: Quantum12

I had a lot of success in cryptolocker when it first came out, it was a mass panic, turned out the solution was actually pretty simple, to keep the virus light weight and easy to package it had a finite number of keys for encryption. Packet sniff a virtual machine to capture communications to and from the C&C server and catch all keys in transit. Once it ran out of unique keys try the captured keys until unlock. I am sure most ransom ware BS has the same flaw. OR don't click on or download unknown and otherwise shady file. Yeah that might be easier.
edit on 12-4-2016 by sycomix because: (no reason given)



posted on Apr, 12 2016 @ 12:31 PM
link   
a reply to: Quantum12

Ransomware.. it's like if you took a digital version of Somalian Pirates and combined them with the T-1000 Terminator Prototype - talk about making a mess!

I hope they can reproduce these results. I heard this was used to target multiple hospitals, schools, etc. and wreaked havoc on the public services.



posted on Apr, 12 2016 @ 12:32 PM
link   
Betcha they want a small fortune for that "3rd party application" .
Betcha it is a 64 bit version of the old DOS debug command.



posted on Apr, 12 2016 @ 12:33 PM
link   
a reply to: FamCore

I have a Mac and a Windows PC. I have been locked out of my windows files for Two months. I am going to try the fix the Windows lap top later this week.
edit on 4 12 2016 by Quantum12 because: (no reason given)



posted on Apr, 12 2016 @ 12:34 PM
link   
a reply to: sycomix

I like your info...Thank you



posted on Apr, 12 2016 @ 12:34 PM
link   
a reply to: Gothmog

Lol agreed



posted on Apr, 12 2016 @ 12:45 PM
link   
We found that the software would encrypt the file as a new file and delete the old files.

Using software like recuva could recover most of your files.



posted on Apr, 12 2016 @ 12:53 PM
link   
a reply to: sycomix

Cryptolocker 3.0 took out about a 1/2 a terabytes worth of private video, family pictures of mine because i was stupid enough to keep my backup external drive hooked up to my rig!


Not that i did not know any better. LoL

We live and learn, wish i had kept the encrypted data and images now.



posted on Apr, 12 2016 @ 12:57 PM
link   
a reply to: andy06shake

Oh thank you, I will remove my external drive. Nice point!



posted on Apr, 12 2016 @ 01:03 PM
link   
a reply to: andy06shake

Now just to clarify, not everyone is a weirdo like me, every time I encounter a new virus I save a copy for study, I call it my toxic drive. I only mount it in linux and never allow anything to execute. I have a virus collection dating back to 1992. You would be amazed how many are not "new" viruses but retooled old ones. SO when I encounter a new breed I can compare it to old ones. I have offered solutions to some of these to AV companies but they never take me seriously.



posted on Apr, 12 2016 @ 01:07 PM
link   
If what they are saying in the article forum , it is a generic based encryption code . That would mean hex based. And with no lockout protection a connected laptop and bruteforce the encryption. May take a while though.But having the hex key provided by that 3rd party application would shorten the time down to nothing.
Interesting. Would like to give it a try, but errrr no.Have way too many games installed to test my skills.



posted on Apr, 12 2016 @ 01:19 PM
link   

originally posted by: sycomix
a reply to: andy06shake

Now just to clarify, not everyone is a weirdo like me, every time I encounter a new virus I save a copy for study, I call it my toxic drive. I only mount it in linux and never allow anything to execute. I have a virus collection dating back to 1992. You would be amazed how many are not "new" viruses but retooled old ones. SO when I encounter a new breed I can compare it to old ones. I have offered solutions to some of these to AV companies but they never take me seriously.


Back in the old days when I was differently active on the IT-scene and FIDO-net there was a certain server in the east block where you could download ONE virus source file. If you altered it and uploaded it to the site, you would gain acess to ALL their virus source files.
We estimated that they recieved at least 2000 new EVERY MONTH.



posted on Apr, 12 2016 @ 01:23 PM
link   

originally posted by: Gothmog
If what they are saying in the article forum , it is a generic based encryption code . That would mean hex based. And with no lockout protection a connected laptop and bruteforce the encryption. May take a while though.But having the hex key provided by that 3rd party application would shorten the time down to nothing.
Interesting. Would like to give it a try, but errrr no.Have way too many games installed to test my skills.


I have talked to people that claim that there is a new version with NO decryption possibility. Apparently it uses date, time and a random generator to construct a unique key to which there is no unlock.



posted on Apr, 12 2016 @ 03:56 PM
link   

originally posted by: andy06shake
a reply to: sycomix

Cryptolocker 3.0 took out about a 1/2 a terabytes worth of private video, family pictures of mine because i was stupid enough to keep my backup external drive hooked up to my rig!


Not that i did not know any better. LoL

We live and learn, wish i had kept the encrypted data and images now.


By the same reasoning, it would be prudent to NOT automatically connect up to cloud backup solutions with automatic synchronization - things like OneDrive and Dropbox.

You can still access the files through a web interface, but if you prevent the automatic synchronization which usually syncs between a local share of your data, you can ensure your 'cloud' data stays clean.



posted on Apr, 12 2016 @ 04:18 PM
link   

originally posted by: HolgerTheDane2

originally posted by: Gothmog
If what they are saying in the article forum , it is a generic based encryption code . That would mean hex based. And with no lockout protection a connected laptop and bruteforce the encryption. May take a while though.But having the hex key provided by that 3rd party application would shorten the time down to nothing.
Interesting. Would like to give it a try, but errrr no.Have way too many games installed to test my skills.


I have talked to people that claim that there is a new version with NO decryption possibility. Apparently it uses date, time and a random generator to construct a unique key to which there is no unlock.


As Grey580 pointed out, the encryption process writes a new file with the same name as old un-encrypted one and marks the old file as 'deleted'. It does not explicitly overwrite the old 'deleted' file's allocated sectors.

This means that you can delete the encrypted file (which also only marks it as deleted but leaves the data behind) and then using a file recovery software like Recuva (which is free) you can recover the file from just before it was encrypted.

Please note that Windows operating systems does not overwrite files deleted in the same session but prefers empty space (until it runs out of available free space). If you reboot and save files, they may begin overwriting the older files, so as soon as you realize your PC has been locked by ransomware, turn it off.

It is best to remove the drive and install it in a clean working system to delete the ransomware executables and recover the files. If you feel that you don't have the technical capability to recover the files, most technicians with virus removal and file recovery experience can help, for reasonable prices.



posted on Apr, 12 2016 @ 04:27 PM
link   
a reply to: chr0naut

Thank you for all you great info. You must be a computer scientist. Thanks friend.



posted on Apr, 12 2016 @ 04:36 PM
link   

originally posted by: Quantum12
a reply to: chr0naut

Thank you for all you great info. You must be a computer scientist. Thanks friend.


I'm just expected to "know stuff", so I try and keep current. You have to be jack of all trades these days!




posted on Apr, 12 2016 @ 04:44 PM
link   
a reply to: chr0naut
I agree. How is your son your twin?



posted on Apr, 12 2016 @ 04:52 PM
link   

originally posted by: Quantum12
a reply to: chr0naut
I agree. How is your son your twin?


Two answers I can think of, off the top of my head: via a temporal paradox where I travel back in time to impregnate my mother, or via cloning where I am a clone as would be my 'twin'.

edit on 12/4/2016 by chr0naut because: (no reason given)



new topics




 
10
<<   2 >>

log in

join