Ethical Hacker Community Forums

Ethical Hacking Discussions and Related Certifications => Malware => Topic started by: oneeyedcarmen on June 12, 2008, 09:10:00 AM



Title: Blackmail Trojan
Post by: oneeyedcarmen on June 12, 2008, 09:10:00 AM
Evil geniuses came up with this one...bet they even have sharks with frickin' laser beams

From The Inquirer (http://www.theinquirer.net/gb/inquirer/news/2008/06/11/blackmailing-trojan-encrypts)

Quote
Blackmailing Trojan encrypts hard-drive
Kaspersky Lab asks for help cracking it

By Nick Farrell: Wednesday, 11 June 2008, 8:06 AM


KASPERSKY Lab has asked the world, plus dog, to help it crack the key to a Trojan that encrypts your hard drive and then demands cash for the key.

Gpcode has been used in isolated "ransomware" attacks for the last two years. The latest version encrypts all .bak, .doc, .jpg and .pdf files and deletes the originals. It then erases itself after leaving a message about where to buy a decryption tool.

Kaspersky said that the files the malware encoded cannot be decrypted because it uses a very strong, 1024-bit key.

The insecurity outfit estimates it would take around 15 million modern computers, running for about a year, to crack such a key.

The company has broken Gpcode's encryption keys in the past, but that was only because the malware's maker had made mistakes implementing the encryption algorithm.





Title: Re: Blackmail Trojan
Post by: RoleReversal on June 12, 2008, 10:02:41 AM
Seems like a variation on a theme; if you've got backups then you shouldn't have a problem (you do have backups, don't you?).

IMO this should be an easy one for authorities, follow the money.


Title: Re: Blackmail Trojan
Post by: Kev on June 12, 2008, 08:31:16 PM
Actually, depending on where the money is going, it can be hard to track. Well, I mean, track to the final source. You transfer the money through a few sources and then it ends up in an unfriendly country and amazingly disappears. I just hope most people will not be so naive as to assume that just sending money to buy this decryption tool will correct their problem.


Title: Re: Blackmail Trojan
Post by: g00d_4sh on June 13, 2008, 03:44:03 PM
Reminds me of a conference I was just at... where they suggested using the 'losing' of encryption keys for documents as a method of 'destroying' the documents as per a life-expiration thing. I chuckled at the idea, but this reminds me of it for some reason. Nonetheless, yeah, I have heard of this before.


Title: Re: Blackmail Trojan
Post by: divine on June 20, 2008, 05:03:41 PM
It is not too hard to hide the trail of money these days... especially if you can move it through some particular foreign countries that make retrieving data VERY difficult. I am not going to get into detail because I don't want to give a tutorial on how to do this and get away clean but let's just say that foreign commodities are a great way to leave a dead end. Use your imagination from there...

My co-workers and I were actually called in on an investigation where this happened to an executive of a child company of ours. Lucky for us, this version of ransomware used rot13 and not a 1024-bit key, which would have sucked for us considering local IT had not implemented backups for their executives' laptops....

-Jordan
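The thread contrasts two very different "encryptions": the rot13 variant Jordan's team walked into, which is a fixed, keyless letter permutation and reverses itself, and the 1024-bit-key variant in the Inquirer article, where the files are unrecoverable without a key the defender never has. The following is an added triage scanner written for this page, not code from the thread, from Kaspersky or from the malware; it classifies files of the extensions the article names as intact, rot13-scrambled, encrypted, or merely low-entropy. It assumes the victim's files keep their original extensions, the sample files are constructed inline, and `keystream_xor` is a stand-in used only to produce realistic high-entropy input, not the cipher Gpcode actually used.

```python
import math
import os
import random
from collections import Counter

# Header bytes for the file types the article says Gpcode goes after. .bak has
# no fixed header, so it can only be judged by entropy.
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound document
    ".bak": (),
}

# Bits per byte above which a file is treated as real ciphertext. Plain text
# sits around 4-5; uniformly random bytes approach 8.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def rot13_bytes(data: bytes) -> bytes:
    """rot13 over ASCII letters; every other byte passes through unchanged.
    The transform is a fixed, keyless permutation, so it is its own inverse
    and leaves the byte histogram (hence the entropy) exactly as it was."""
    out = bytearray(len(data))
    for i, b in enumerate(data):
        if 0x41 <= b <= 0x5A:          # 'A'..'Z'
            out[i] = (b - 0x41 + 13) % 26 + 0x41
        elif 0x61 <= b <= 0x7A:        # 'a'..'z'
            out[i] = (b - 0x61 + 13) % 26 + 0x61
        else:
            out[i] = b
    return bytes(out)


def keystream_xor(data: bytes, seed: int = 2008) -> bytes:
    """Stand-in for a real cipher (assumption, not Gpcode's algorithm): XOR with
    a seeded PRNG keystream. Not secure; it exists only so the scanner has an
    input that looks like genuine ciphertext at the file level."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)


def _has_magic(data: bytes, sigs) -> bool:
    return any(data.startswith(s) for s in sigs)


def classify(name: str, data: bytes) -> str:
    """Return one of: intact, rot13, encrypted, low-entropy."""
    ext = os.path.splitext(name)[1].lower()
    sigs = MAGIC.get(ext, ())
    if sigs:
        if _has_magic(data, sigs):
            return "intact"
        # rot13 only touches letters, so this check can only catch formats whose
        # header is ASCII text (PDF here); a rot13'd JPEG still starts ff d8 ff.
        if _has_magic(rot13_bytes(data), sigs):
            return "rot13"
    if shannon_entropy(data) >= HIGH_ENTROPY:
        return "encrypted"      # nothing to reverse without the key
    return "low-entropy"        # structure survives; inspect by hand


# Constructed samples (not real victim data): a minimal text-only PDF body and
# a SQL dump, each repeated so the histogram is large enough for a stable
# entropy estimate.
PDF_SAMPLE = b"%PDF-1.4\n" + (
    b"4 0 obj << /Length 44 >> stream\n"
    b"BT /F1 12 Tf (Quarterly figures, do not forward) Tj ET\n"
    b"endstream endobj\n"
) * 25 + b"%%EOF\n"

TEXT_BACKUP = b"CREATE TABLE payroll (id INT, name TEXT, salary INT);\n" * 40


def triage(files: dict) -> dict:
    """Classify every (name -> contents) pair; returns name -> verdict."""
    return {name: classify(name, data) for name, data in files.items()}


if __name__ == "__main__":
    samples = {
        "report.pdf": PDF_SAMPLE,
        "report_rot13.pdf": rot13_bytes(PDF_SAMPLE),
        "report_enc.pdf": keystream_xor(PDF_SAMPLE),
        "payroll.bak": TEXT_BACKUP,
        "payroll_enc.bak": keystream_xor(TEXT_BACKUP),
    }
    for name, verdict in triage(samples).items():
        ent = shannon_entropy(samples[name])
        print(f"{name:18s} {verdict:12s} entropy={ent:.2f}")
```

Two caveats a responder should keep in mind. Entropy alone cannot separate ciphertext from compressed content, so real PDFs with Flate streams and JPEGs will score high whether or not they were touched; that is why the header check runs first and why a "low-entropy" verdict on a headerless .bak means only that something readable survived. And the rot13 check works here because the PDF header is ASCII; for binary headers the scrambling leaves the magic intact and the damage only shows up when the file fails to parse.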