Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

With ransomware on the rise, cryptographers take it personally

Lucian Constantin | April 27, 2015
Some of the world's leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed.

Some of the world's leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed.

Despite law enforcement efforts to disrupt ransomware operations, the prevalence of such programs continued to grow last year, according to a report published Thursday by antivirus vendor F-Secure.

A family of ransomware programs known as Browlock, which impersonates police agencies and asks users to pay fictitious fines in order to regain control of their computers, was one of the top 10 PC threats during the second half of 2014, according to F-Secure's statistics. An increase was also observed among the ransomware threats for Android phones.

While Browlock only prevents users from accessing their desktop, there are other ransomware programs that are much more aggressive and hard to recover from. These threats include Cryptolocker, CryptoWall and CTB-Locker, which encrypt users' files with strong cryptographic algorithms, making it impossible to recover them in the absence of unaffected backups or without paying for the decryption keys.

In what is almost a testament to how audacious and effective these threats are, there have already been several cases of police departments being forced to pay criminals to decrypt their files.

"I think it's a very serious problem," said Adi Shamir, co-inventor of the widely used RSA cryptosystem, when asked about ransomware on a discussion panel at the RSA security conference earlier this week. "It's going to stay with us and we need to think about new techniques to stop it."

Shamir believes that ransomware is an area where the security community failed "in a miserable way," because there are no good products to protect against it. And this is just the beginning, he thinks.

Today ransomware can affect your PC or your mobile phone, but it's only a matter of time until your smart TV and other Internet of Things devices will also be held to ransom, he said.

That time is probably not too far in the future. F-Secure noted in its report the emergence last year of a ransomware program called SynoLocker that infected network-attached storage (NAS) devices made by a company called Synology.

Most file-encrypting ransomware threats use public-key cryptography, where the data is encrypted with a public key that's part of a public-private key pair. Recovering this public encryption key from infected systems does not help, because only the private key, which attackers retain on their servers, can be used to decrypt the data.

Public-key cryptography underpins some of the Internet's most widely used security protocols including SSL/TLS and GPG.

When introducing the topic of ransomware, the RSA panel's moderator, Cryptography Research President Paul Kocher, described it as "the pure evil incarnation of public-key cryptography."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.