Question
I was recently wondering about how to circumvent malware such as the infamous Cryptolocker a while back and was wondering about the efficacy of having a set of files with known content in a known location and then, in the event of a ransomware malware infection, using these files to uncover the cryptographic key used to encrypt the files.
For instance, in the case of Cryptolocker, it was known fairly early on that the cryptographic function which encrypted the files was RSA, and thus brute force attempts at recovering the key could be made.
Of course, this isn't an ideal approach as it requires a large amount of computation, but with GPGPU programming alongside parallel CPU architectures (or even distributed computing) and disabling any timed-deletion of files by the malware, is this approach completely unfeasible?
Explanation / Answer
Yes, it is completely unfeasible. Your suggestion is based on you knowing the contents of a particular file. You want to use this and the encrypted file to decrypt the other files. There would be two ways to approach this. One would be to use weaknesses of the encryption algorithm in a known plaintext attack; the second, which you are addressing in your last paragraph, would be trying every key in a brute-force attack. However, both approaches can be rendered practically impossible. Brute force is hopeless with a large enough keyspace, and known plaintext attacks don't work on sophisticated algorithms like RSA. So when your ransomware is "well" implemented, it can indeed lock up your data in a way that nobody except the ransomware writer can decrypt it.
Btw, knowing the encryption algorithm for any system is not supposed to weaken it. In fact, public (agreed-upon) algorithms are considered stronger as they can be reviewed by researchers around the globe. It's unlikely you can afford similar reviews for your secret algorithm.
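Added example, not part of the original answer: a known-content canary file only helps recovery when the cipher itself is weak. The sketch below contrasts a constructed repeating-key XOR scheme (key reused for every file) with a per-file random key. The function names, the sample data and the use of SHA-256 in counter mode as a stand-in for a modern stream cipher are all assumptions made for illustration.

```python
import hashlib
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def repeating_xor(data: bytes, key: bytes) -> bytes:
    """Weak cipher: the same short key is repeated over every file."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def hash_ctr(data: bytes, key: bytes) -> bytes:
    """Stand-in for a modern stream cipher: SHA-256 in counter mode (assumption)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return xor_bytes(data, stream)

def recover_repeating_key(plain: bytes, cipher: bytes):
    """Known-plaintext step: plain XOR cipher is the keystream; return its shortest period."""
    stream = xor_bytes(plain, cipher)
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return None  # no short repeating key: nothing reusable was learned

# Constructed sample data: a canary file with known content and a second file.
CANARY = b"CANARY-FILE known content, stored before any infection. " * 4
SECRET = b"Quarterly figures: do not lose this document."

def demo_weak() -> bool:
    key = os.urandom(8)  # one short key reused for all files
    c_canary, c_secret = repeating_xor(CANARY, key), repeating_xor(SECRET, key)
    found = recover_repeating_key(CANARY, c_canary)
    return found is not None and repeating_xor(c_secret, found) == SECRET

def demo_strong() -> bool:
    # Fresh random key per file (assumption: models a "well" implemented scheme).
    c_canary = hash_ctr(CANARY, os.urandom(32))
    c_secret = hash_ctr(SECRET, os.urandom(32))
    found = recover_repeating_key(CANARY, c_canary)
    stream = xor_bytes(CANARY, c_canary)  # canary keystream, useless for other files
    return found is None and xor_bytes(c_secret, stream) != SECRET
```

In the weak case the canary pair yields the key and the second file decrypts; in the per-file-key case the canary reveals only its own keystream, which is the situation the answer describes.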