Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Quick CryptoWall Question - Any Hope Comparing Files to Generate Key?


  • This topic is locked This topic is locked
3 replies to this topic

#1 guptasa1

guptasa1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 21 August 2015 - 12:34 AM

Hi there,

 

I'm working on a computer for a client with CryptoWall.  I'm aware there's no hope at all for Brute Force decryption.  I may try Shadow Copy solutions and some others, but I was wondering if I could find an intact file that's "clean" and the same file encrypted, if there's a utility to compare and generate the key from that?  Or is this a waste of time also?

 

The virus itself is already gone, but the files are still locked of course.

 

Thanks!



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:45 AM

Posted 21 August 2015 - 04:21 AM

Hi there,

The method that you proposed is not feasible to do this with CryptoWall since it uses RSA-2048 encryption, which can take millions of years to crack one single key. So if your client does not have clean backups then he's out of luck.

#3 guptasa1

guptasa1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 22 August 2015 - 01:55 AM

Alexstrasza, thanks for the reply.

 

I knew RSA-2048 would take that long to crack without a comparison file - I was just hoping that having an intact file and an encrypted version of the same file would magically allow the key to be generated, but alas I thought that sounded too simple.  Thanks for the feedback.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 AM

Posted 22 August 2015 - 04:21 PM

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in one of the below topic discussions.To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users