All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 13 posts ] 
Author Message
 Post subject: understanding encryption
PostPosted: December 9th, 2013, 11:34 
Offline

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
in light of such devastating attacks such as Cryptolocker Malware destroying data by FILE ENCRYPTION and typically any automated backups as well I was wondering if there was a way to 'reverse engineer' before attack perhaps by leaving known .TXT files containing the aphabet,numbers, etc. in a specific order. Would this be on any value or is it more complex? So far my only solution is preventing malware executable - after that is seems game over.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 12:00 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
knowing the content of a file will not help you with decryption, if decryption is done with reputable algorithm (like RSA with padding)
And with asymmetric encryption you will never find private key in the actual encryptor (virus code), so the only way to decrypt your files is to get access to the private key i.e. hack the hackers servers or pay the ransom.

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Last edited by Doomer on December 9th, 2013, 12:05, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 12:05 
Offline

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
Thanks. About what I expected. I am streatching for a way to prevent/ recover from unintended encryption and can think of nothing but blocking executable files.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 12:06 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
warnerr wrote:
Thanks. About what I expected. I am streatching for a way to prevent/ recover from unintended encryption and can think of nothing but blocking executable files.

good antivirus and common sense while reading emails from unknown sources should help

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 12:10 
Offline

Joined: December 8th, 2010, 11:37
Posts: 738
Location: Ottawa, Canada
Google CryptoPrevent and CryptoGuard. They protect against CryptoLocker.

_________________
Sabo Computer Repairs & Data Recovery


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 12:12 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
I think the ransomware is the beginning of another cyber war between hackers and officials. Also I don't think people who produce ransomware are appreciated in the underground world for raising such attention, so I suspect the war will spill a lot of cyber blood :)

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 12:20 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
No, these scumbags are finding ways to make money, plain and simple. They don't care how, or who they target except for self preservation. There is no motivation apart from money, and the usual individual motivations that an group of people might see... fame..fortune..ego etc.

I predict that some of these people involved in the cryptolocker type attacks are going to end up in a world of hurt, or dead. I don't think they really thought through the long term.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 16:27 
Offline

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
Thanks for the KryptoGuard idea, Larry- looks like its prevention time. Will need to roll that out to clients as I see too much profit in this scam.... so it will likely grow quickly. Much tougher problem to deal with than the last bout of ransomeware that simply modified all extensions.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: December 9th, 2013, 22:03 
Offline

Joined: December 8th, 2010, 11:37
Posts: 738
Location: Ottawa, Canada
You're welcome, warnerr. I put it on all my customers' PCs, along with CryptoPrevent. They're both free, although CryptoGuard is still in Beta and I don't expect it to remain free.

_________________
Sabo Computer Repairs & Data Recovery


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: January 2nd, 2014, 11:14 
Offline

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
Its Here! Just did a service call to a client that had the displeasure of the Kryptovirus. Compared the registry entries 'encryption log' with what was encrypted: It misses encrypting some of the files in the encrypted list- most pictures were still in the clear, and thankfully QUICKBOOKS was not successfully encrypted. I suspect QB was likely left running on a workstation preventing access. Was nice being prepared for this, adding the suggested tools to prevent reocurrance, and not wasting any time trying to save the destroyed data.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: January 2nd, 2014, 16:40 
Offline
User avatar

Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
Just keep your files in a crypt container

_________________
All went well until I plugged the drive in.


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: January 3rd, 2014, 13:51 
Offline

Joined: December 8th, 2010, 11:37
Posts: 738
Location: Ottawa, Canada
That won't help if you have the container open to use the file while infected. It will just encrypt the files within the container.

_________________
Sabo Computer Repairs & Data Recovery


Top
 Profile  
 
 Post subject: Re: understanding encryption
PostPosted: January 3rd, 2014, 16:02 
Offline
User avatar

Joined: May 5th, 2004, 20:06
Posts: 2782
Location: England
Be clever then...

_________________
All went well until I plugged the drive in.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group