wildchild Posted November 10, 2015 Report Posted November 10, 2015 Linux Ransomware Debut Fails on Predictable Encryption Key | Bitdefender LabsPartea proast? e c? acum le-au dat f?r? s?-?i dea seama o idee despre cum s?-l fac? mai greu de decriptat. Quote
watsonAI Posted November 12, 2015 Report Posted November 12, 2015 da, desigur... toate systemele ransomware pana acum erau imposibil de decriptat, iar acum apare unul, culmea, pentru linux/servere, care e facut in asa fel incat sa se poata decripta? Pare cam cusuta cu ata alba. Quote
malsploit Posted November 12, 2015 Report Posted November 12, 2015 da, desigur... toate systemele ransomware pana acum erau imposibil de decriptat, iar acum apare unul, culmea, pentru linux/servere, care e facut in asa fel incat sa se poata decripta? Pare cam cusuta cu ata alba.Au mai fost cazuri in care au fost gasite erori in mecanismul de criptare. Nu e prima oara cand se intampla.We mentioned that the AES key is generated locally on the victim’s computer. We looked into the way the key and initialization vector are generated by reverse-engineering the Linux.Encoder.1 sample in our lab. We realized that, rather than generating secure random keys and IVs, the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file’s timestamp. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan’s operator(s). Quote
