Ransomware - is there no type of generic brute force app?



#1 JonnyDBX

Posted 13 April 2018 - 02:58 AM

Hey guys,

So I've got a machine which has been infected by ransomware.

Uploading the ransom note to one of the security sites tells me that it is 'Globe Imposter 2.0', for which there is no known decryptor.

I'm wondering, given that we know what it is and know it uses AES 256 encryption, can I not somehow attempt to brute force the encryption key if I can find an unencrypted version of one of the infected files?

Am I right in thinking that if we know the encryption type, we know the length of the encryption key?

Am I thinking about this too simplistically?

I have some pretty powerful servers sat around here doing nothing - I could easily put them to use if this were something that is possible.

Any advice is appreciated.


Edited by Chris Cosgrove, 13 April 2018 - 04:56 PM.
Moved from Windows Server to Ransomware Help and Support



#2 quietman7

Bleepin' Janitor, Global Moderator

Posted 13 April 2018 - 05:18 PM

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with, the type of encryption used by the malware writers and a variety of other factors as explained here. All crypto malware ransomware uses some form of encryption algorithm; most of them are secure, but others are not. The possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck. Many ransomware variants use a public and private key system where the public key is used to encrypt and the private key is used to decrypt. The private key is stored on a central server maintained by the cyber-criminals and is not available unless the victim pays the ransom or, at some point, law enforcement authorities arrest the criminals, seize the C2 server and release the private RSA decryption keys to the public.

Dr.Web statistics show that the probability of restoring files compromised by encryption ransomware doesn't exceed 10%.

Dr.Web: Encryption ransomware - Threat No. 1

With GlobeImposter 2.0 there is no way to retrieve the malware developer's private key that can be used to decrypt your files without paying the ransom.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
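An added example, not part of either post above, that puts numbers on the question of brute-forcing the AES-256 file key with a known plaintext/ciphertext pair. The key-test rates (a rack of idle servers, a planet-scale effort) are assumed figures chosen for illustration, not measurements.

```python
# Added example (not from the thread): how long an exhaustive search of an
# AES key takes at assumed test rates. A matching plaintext/ciphertext pair
# only lets you RECOGNISE the right key when you try it; it does not shrink
# the number of keys you have to try.
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(key_bits: int) -> int:
    """Number of candidate keys. The algorithm name fixes the key length
    (AES-128/192/256), so 'it uses AES-256' does tell you the space is 2**256."""
    return 1 << key_bits


def expected_brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Expected wall-clock years until the correct key is tried.
    On average half of the key space has to be tested before the hit."""
    trials = keyspace(key_bits) / 2
    return trials / keys_per_second / SECONDS_PER_YEAR


def within_budget(key_bits: int, keys_per_second: float, budget_years: float) -> bool:
    """True if exhaustive search is expected to finish inside budget_years."""
    return expected_brute_force_years(key_bits, keys_per_second) <= budget_years


# Assumed (constructed) rates: keys tested per second.
RATES = {
    "rack of idle servers": 1e12,
    "planet-scale effort":  1e18,
}


def feasibility_table(rates=RATES, budget_years: float = 10.0):
    """Compare a legacy 56-bit key with AES key sizes at each assumed rate."""
    rows = []
    for label, rate in rates.items():
        for bits in (56, 128, 256):
            rows.append((label, bits,
                         expected_brute_force_years(bits, rate),
                         within_budget(bits, rate, budget_years)))
    return rows


if __name__ == "__main__":
    for label, bits, years, ok in feasibility_table():
        print(f"{label:22s} {bits:3d}-bit key: {years:9.2e} years  "
              f"{'feasible' if ok else 'infeasible'}")
```

The 56-bit row is the only one that ever comes out feasible; the AES-256 row stays at around 10^51 years even at the planet-scale rate, which is why the moderator's answer turns on the attacker's RSA private key rather than on raw compute.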



