I'm not a cryptographer, just a "hacker" with some experience in cracking encryption. Obviously, brute forcing every infected machine isn't feasible. Here's an example of how the virus might work and how to find its weakness:

The virus/agent finds its way into the system. It generates a random number, its ID number, and then phones home to the ransomer's server a la "I'm agent 2CBF342A, send me a public key". On the server, there's the private master key, from which it generates a private key upon request, sending it to the agent. The agent then encrypts all of the files it can using this public key and deletes itself.

The victim then contacts the ransomer and downloads the decrypter, which gives out the public key's fingerprint. Upon payment, the ransomer then sends the passphrase for the decryption key.

Proposed attack strategy: gather MANY samples of files before and after encryption and look for a cryptographic weakness in the key generating mechanism. If enough samples can be obtained, most possible key combinations can be eliminated, thus making cracking the public key possible.

Although now pretty much obsolete, aircrack-ng used this very method using a weakness in the RC4 encryption method. It makes repeated packet injections of DEAUTH packets forcing the router to send out hundreds of IV packets a second, each one a different 40-bit public key generated from the private one. After around 20k+ packets are obtained, running wepcrack will spit out the correct 104 bit WEP key.

I wasn't personally affected by ransomware; however, I volunteer at a non-profit that had their entire NAS encrypted by arena crysis and would very much like to help find a solution to this.
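The "before and after" sample comparison proposed above can be turned into a concrete triage check. This is an added example, not the poster's code and not anything recovered from real .arena files: the samples are constructed, and a fixed XOR keystream stands in for a hypothetical weak cipher so the check has something to find. It shows the one thing such pairs reveal cheaply (a keystream reused across files, which lets a defender recover files that have no known original) and that with an independent key per file the samples yield nothing.

```python
import random

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))

def derived_keystreams(pairs):
    """plaintext XOR ciphertext for each (original, encrypted) pair.
    Under a stream cipher this is the keystream applied to that file;
    under a block cipher (or per-file keys) it is just noise."""
    return [xor_bytes(p, c) for p, c in pairs]

def shared_keystream(pairs):
    """Return the keystream common to every pair if all pairs agree over
    their whole common prefix, else None. Needs at least two pairs."""
    if len(pairs) < 2:
        return None
    streams = derived_keystreams(pairs)
    n = min(len(s) for s in streams)
    first = streams[0][:n]
    return first if n and all(s[:n] == first for s in streams[1:]) else None

def recover_prefix(ciphertext: bytes, keystream: bytes) -> bytes:
    """Recover as much of an encrypted file as the shared keystream covers."""
    return xor_bytes(ciphertext, keystream)

# Constructed samples (not real victim data); one fixed seed stands in for
# a hypothetical generator that hands every file the same keystream.
_rng = random.Random(2017)
WEAK_KEYSTREAM = bytes(_rng.randrange(256) for _ in range(64))
ORIGINALS = [b"Board minutes 2017-08-01: quorum present.",
             b"Donor list Q3 (confidential) - see attached",
             b"NAS backup schedule: nightly 02:00"]

def weak_pairs():
    """Every file encrypted under the same keystream: recoverable."""
    return [(p, xor_bytes(p, WEAK_KEYSTREAM)) for p in ORIGINALS]

def strong_pairs():
    """Each file under an independent keystream: samples teach nothing."""
    out = []
    for i, p in enumerate(ORIGINALS):
        r = random.Random(1000 + i)
        out.append((p, xor_bytes(p, bytes(r.randrange(256) for _ in range(64)))))
    return out

if __name__ == "__main__":
    for name, pairs in (("weak", weak_pairs()), ("strong", strong_pairs())):
        ks = shared_keystream(pairs)
        print(f"{name} generator:", "keystream reused" if ks else "no shared keystream")
```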
I am facing a similar situation today at a non-profit; their data is encrypted with .arena ransomware. I was onsite this morning to examine the extent of the damage.... not good. I have grabbed a few files to my USB stick as samples (below are the filenames), and I have also initiated contact with the perpetrator. The perpetrator's reply arrived a few hours later demanding 1 Bitcoin. Anyway, I would just like to know how your situation is progressing?
The cost of decryption is 1 bitcoin. (Bitcoin is a form of digital
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to ours) or you can become a victim of a scam.
3. Free decryption as guarantee
You can send us up to 3 files for free decryption. The total size of files must be less than 1 Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.) ==> The ransom note promised 5 files for free decryption...but now 3?
4. Decryption process:
To decrypt the files, transfer money to our bitcoin wallet number:
"16hNzU5VrpdypVxsCgD74Nc6bHtwnzVucf". As we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
5. The process of buying bitcoins:
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Localbitcoins Buy bitcoins online or with cash - fast and easy