"Mistake in ransomware program leaves decryption key accessible"

Venustus

A malicious software program that encrypts a person’s files until a ransom is paid has a crucial error: it leaves the decryption key on the victim’s computer. :p

Symantec analyzed a program called CryptoDefense, which appeared late last month. It’s one of an extensive family of malware programs that scramble a person’s files until a pricey ransom is paid, a long-running but still profitable scam.
CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the encryption and decryption keys, Symantec wrote on its blog.
Files are encrypted by CryptoDefense using a 2048-bit RSA key. The private key needed to decrypt the content is sent back to the attacker’s server until the ransom is paid.
But CryptoDefense’s developers apparently did not realize that the private key is also stashed on the user’s computer in a file folder with application data.

 
Was a good laugh... Only problem now is that the developer probably read this and is in the process of redirecting their mistake ;)
 