Author Topic: CryptoLocker Foiled by Whitehats  (Read 10444 times)

Offline BazBear

  • Mars
  • ***
  • Posts: 396
CryptoLocker Foiled by Whitehats
« on: August 06, 2014, 11:12:55 PM »
From the Ars Technica website:

Quote
Whitehats recover, release keys to CryptoLocker ransomware

Whitehat hackers have struck back at the operators of the pernicious CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage.

Through a partnership that included researchers from FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims' personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content. (full article)

The file scanning and key recovery site can be found here.
« Last Edit: August 07, 2014, 01:14:52 AM by BazBear »
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline smartcooky

  • Uranus
  • ****
  • Posts: 1966
Re: CryptoLocker Foiled by Whitehats
« Reply #1 on: August 07, 2014, 12:44:52 AM »
From the Ars Technica website:

Quote
Whitehats recover, release keys to CryptoLocker ransomware

Whitehat hackers have struck back at the operators of the pernicious CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage.

Through a partnership that included researchers from FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims' personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content. (full article)

The file scanning and key recovery site can be found here.

Neither link works

Try

http://arstechnica.com/security/2014/08/whitehats-recover-victims-keys-to-cryptolocker-ransomware/

If you're not a scientist but you think you've destroyed the foundation of a vast scientific edifice with 10 minutes of Googling, you might want to consider the possibility that you're wrong.

Offline BazBear

  • Mars
  • ***
  • Posts: 396
Re: CryptoLocker Foiled by Whitehats
« Reply #2 on: August 07, 2014, 01:22:04 AM »
Sorry about that, and thanks for the heads up. I had just made an identical post over at the JREF forum, then simply C&Ped the BB entry code from the entry field over there into this one. Apparently this forum software decided to add an extra http:// to the URLs I had entered. All fix-ed-ed up now.
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline ka9q

  • Neptune
  • ****
  • Posts: 3014
Re: CryptoLocker Foiled by Whitehats
« Reply #3 on: August 07, 2014, 08:37:51 AM »
I saw that. Of course, it only works with the present Cryptolocker, and then only some versions. It doesn't prevent anyone from using another incarnation of the same idea against new victims, taking greater care to protect their private keys.

Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.

Offline BazBear

  • Mars
  • ***
  • Posts: 396
Re: CryptoLocker Foiled by Whitehats
« Reply #4 on: August 07, 2014, 01:07:54 PM »
I saw that. Of course, it only works with the present Cryptolocker, and then only some versions. It doesn't prevent anyone from using another incarnation of the same idea against new victims, taking greater care to protect their private keys.

Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.
That's one of the reasons I've been using Linux >95% of the time. Of course, no OS is bulletproof, but the *nix family has to be orders of magnitude safer than Windows.
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline smartcooky

  • Uranus
  • ****
  • Posts: 1966
Re: CryptoLocker Foiled by Whitehats
« Reply #5 on: August 07, 2014, 03:45:01 PM »
Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.

c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who its from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.
If you're not a scientist but you think you've destroyed the foundation of a vast scientific edifice with 10 minutes of Googling, you might want to consider the possibility that you're wrong.

Offline BazBear

  • Mars
  • ***
  • Posts: 396
Re: CryptoLocker Foiled by Whitehats
« Reply #6 on: August 07, 2014, 04:29:36 PM »
Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.

c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who its from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.
That's for sure. 99%+ of the problems I've dealt with on my less computer savvy friends' computers have been from them installing random crapware etc. It's been years since I've had a malware/virus issue on my own Windows systems; some people I know can't make it a day after a clean install without getting some malware fraking up their OS.
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline Echnaton

  • Saturn
  • ****
  • Posts: 1490
Re: CryptoLocker Foiled by Whitehats
« Reply #7 on: August 07, 2014, 09:48:18 PM »

c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who its from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.

My office is staffed by computer stupid people who get multi-forwarded cat photo email from computer stupider friends and family.  The bosses wife cannot tell the difference between browsers or the difference between the browser and the web page.   It has always been a problem and an occasional nightmare. I am surprised that nothing worse has happened to us.  But there is a bomb somewhere out there with our name on it that will make a mess I cannot clean up.
The sun shone, having no alternative, on the nothing new. —Samuel Beckett

Offline ka9q

  • Neptune
  • ****
  • Posts: 3014
Re: CryptoLocker Foiled by Whitehats
« Reply #8 on: August 08, 2014, 09:49:39 AM »
That's one of the reasons I've been using Linux >95% of the time. Of course, no OS is bulletproof, but the *nix family has to be orders of magnitude safer than Windows.
Same here. I also used to use Macs, but after the Snowden relevations I no longer trust Apple either.

Offline ka9q

  • Neptune
  • ****
  • Posts: 3014
Re: CryptoLocker Foiled by Whitehats
« Reply #9 on: August 08, 2014, 09:54:55 AM »
c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who its from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.
Actually, there is no reason in the world that these precautions should be necessary, or to blame the users for not being superhuman in following them. It is only the abysmal lack of system-level security thinking in the software that makes these precautions necessary for the vast majority of people.

The basic problem is that the designers have failed to follow a rigorous distinction between code (program) and data everywhere in the system. If they did things properly, there'd be no need to warn people about clicking on attachments because nothing bad could happen regardless of what's in them. They'd be considered as pure data, incapable of directing the computer to do anything but to display their contents (though of course this might simply fail entirely if the contents are invalid.)

If the users have a failing, it's their willingness to accept systems in which mistakes they cannot be expected to avoid have such serious consequences. There should be rioting in the streets until this changes.

« Last Edit: August 08, 2014, 09:56:34 AM by ka9q »