Mistake Made by BitCrypt Developers Allows Experts to Recover Encrypted Files


BitCrypt ransom note and website

Ransomware like CryptoLocker, which encrypts precious files and holds them that way until a ransom is paid, is becoming more and more common. However, not all threats are as difficult to beat as CryptoLocker.

A couple of French security researchers who work for Airbus, Fabien Perigaud and Cedric Pernet, have come across a new piece of ransomware dubbed BitCrypt. They analyzed the malware after it infected a computer belonging to one of their friends and encrypted all the pictures of his children.

Since he had no backups, the only solution was to pay the 0.4 Bitcoin ransom or try to decrypt the files. After analyzing the ransomware, Perigaud and Pernet found that the developer had made a big mistake.

He wanted to generate a 128-byte key (1024 bits), but instead generated a 128-digit number, which is the equivalent of only 426 bits. While RSA-1024 bit encryption is not easily breakable with standard computers, the 426-bit key was cracked in 43 hours on a regular quad-core PC.

The cado-nfs tool has been used to obtain the encryption key. The experts have also published a Python script that’s designed to restore the encrypted files. Additional technical details are available on the Cassidian Cybersecurity blog.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s