Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken:
The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is randomly generated on each machine it infects.
“If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!” they wrote. “The challenge was that they delete the [public key] once the files are fully encrypted. Memory analysis gave us about a 5-minute window after files were encrypted to retrieve this public key.”
Unit 221B ultimately built a “Live CD” version of Linux that victims could run on infected systems to extract that RSA-512 key. From there, they would load the keys into a cluster of 800 CPUs donated by hosting giant Digital Ocean that would then start cracking them. The company also used that same donated infrastructure to help victims decrypt their data using the recovered keys.
A company offered recovery services based on this break, but was reluctant to advertise because it didn’t want Zeppelin’s creators to fix their encryption flaw.
Technical details.
More Stories
Friday Squid Blogging: Squid Mating Strategies
Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly. As usual, you...
New Attack Against Self-Driving Car AI
This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly...
UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Development
The UK's open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development Read...
Boeing refused to pay $200 million LockBit ransomware demand
Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious...
RSAC: Experts Highlight Novel Cyber Threats and Tactics
Well-funded cybercriminals are adopting more sophisticated techniques, creating a need for defenders to stay informed about the evolving threat landscape...
Wild Wisdom: What Technology Learns from the Natural World
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...