Has Ransomware Learned from Cryptovirology?
Source: NewsFactor - Posted by Pax Dickinson
A secure cryptovirus, cryptotrojan or cryptoworm contains a payload that activates under a particular circumstance. When it activates, it generates a random symmetric key and encrypts the victim's files with it. This key is then encrypted in turn with the attacker's public key to produce an asymmetric ciphertext.
The symmetric key and original files are "zeroized." The attacker holds the data for ransom in return for the symmetric key. If the victim cooperates, then the victim pays the ransom and sends the asymmetric ciphertext to the attacker. The attacker then decrypts it. Only the attacker can perform this decryption because only the attacker has access to the needed private decryption key. The symmetric key is then returned to the victim to enable the files to be recovered.
Analysis of the malware reveals the attacker's public key, which in no way reveals the corresponding private key. It is the use of public-key cryptography, as opposed to the use of symmetric cryptography alone, that separates cryptoviral extortion from previous attempts by hackers to hold data for ransom. Moti coined the term cryptovirus to denote a virus that contains and uses a public key, usually the public key of the malware author.
Read this full article at NewsFactor