I came across this article recently and this related one which really shows why backups are important. Apparently someone has created a virus which uses powerful asymmetric cryptography (a private and public key pair) to encrypt data files on a user’s PC. Not only does it encrypt these files, but it then deletes the original, unencrypted version and then displays a message for the user stating that they can buy the decryption tool if they send an email to a given email address. Apparently they are selling the decryption tool for $100 to $200.
The first article I linked states that they were surprised by such a virus and never thought they’d see it, but I definitely am not surprised…except maybe surprised it hasn’t been more widespread yet. With all of the phishing scams going on, this sounds right up the same alley. Let’s encrypt their data, demand $100 which can conveniently be paid by credit card if they give us their credit card number. Or, let’s demand $100 and then just forget to ship them the decryption tool. I mean, we are talking about hackers here, so it’s not like they have much in the way of ethics.
Kaspersky seems to be the main player trying to brute force the private key in order to decrypt the data. However, as many sources have pointed out (see the second article), this really is a fairly pointless exercise. According to the second article, a Kaspersky employee stated that a brute force attack on this key would take about 15 million modern computers about a year to crack…though other experts say that’s an underestimate. That is the entire point of asymmetric encryption after all. And once you do crack the code, all the virus writer has to do is generate a new key and you’re back to square one.
There have also been suggestions that Kaspersky is behind the whole thing as more of a publicity stunt. Currently, I’m inclined to agree with these accusations. After all, being in the security industry, they should know the pointlessness of their attempts to brute force crack the private key. A smarter approach would be to claim to be a victim and pay the virus writer for the decryption tool and then just release it publicly. Of course, that’s assuming the virus writer actually does provide the tool and doesn’t just take your money, but since it’s only $200, I think Kaspersky could take that risk.
So, take it for what it’s worth. If nothing else, it’s a good warning to back up your data regularly so if you did get infected with this virus you could simply reformat and restore from your most recent backup. It is also a warning to always be wary of what you’re running on your computer. As it is a Trojan, it does not self-replicate. That means the user had to actually launch the executable containing the virus. It could have been bundled in some “pretty cool” shareware game or something, or simply an exe attached to an email with an enticing name.