Cryptowall virus/malware

Yeah, what I was wondering is: when it backs up the files, does it not copy an active version of the virus, which could then encrypt the whole drive?

All the encrypted files would be backed up, yes, but because our backup is incremental snapshots we could restore from a point in time before the infection happened.
 
As for those suggesting a brute-force method, aren't these files encrypted with a 2048-bit RSA key? That will take multiple millions of years, even with today's supercomputers.

Depends a bit. Ostensibly brute-force decryption isn't feasible, but depending on a number of factors, if you have an ideal situation with before and after versions of a file and knowledge of the algorithm, then a powerful multi-GPU home system could break them in weeks. Years back someone showed off something similar with 2048-bit RSA, with that kind of information in a perfect situation and a pair of 9800GX2s cracking it in 4 days, which would have taken approx. 16 million years to purely brute force.

EDIT: In case it's not too clear, and so as to not give anyone false hope, this is highly theoretical "in a lab" stuff.
 
Seems like Linux/Unix would have an open source decrypt tool to help...

As far as the cryptographic community is concerned, RSA (the encryption method) is fairly rock solid - as in, in theory the best you can do is guess and guess and guess (that being the brute-force method). The 'millions of years' figures stated are what such a tool would take to decrypt it with such a key size. The biggest threat is most likely that it can theoretically be broken quickly using Shor's algorithm when quantum computers finally take off. The only thing that is likely to really go wrong with it in the near future is if the virus authors decided to do something stupid like use the current time as the seed for the pseudo-random number generator which generates the keys.
 
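The time-seeded key generation mistake described in the last post, as an added example that is not part of the original thread: a key drawn from a PRNG seeded with the clock leaves only a few thousand candidates to check against a known file header, while a key from the OS CSPRNG leaves no seed to search. The toy SHA-256 keystream cipher, the `%PDF-` header check, the timestamps and all function names are assumptions standing in for a real scheme.

```python
import hashlib
import random
import secrets

MAGIC = b"%PDF-"  # known file header used to recognise a correct decryption
PLAINTEXT = b"%PDF-1.4 constructed sample document body"  # constructed sample
ENCRYPT_TIME = 1_400_000_000     # constructed Unix time of key generation
FILE_MTIME = ENCRYPT_TIME + 37   # constructed: file rewritten shortly after


def key_from_time(ts: int) -> bytes:
    """The mistake: a 128-bit key drawn from a PRNG seeded with a timestamp."""
    return random.Random(ts).getrandbits(128).to_bytes(16, "big")


def key_from_csprng() -> bytes:
    """The sound approach: key bytes from the OS CSPRNG, no guessable seed."""
    return secrets.token_bytes(16)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); encrypt and decrypt are the same."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def recover_seed(ciphertext: bytes, around: int, window: int):
    """Try each second in [around - window, around + window]; return the seed
    whose key decrypts the header to MAGIC, or None if no candidate fits."""
    head = ciphertext[:len(MAGIC)]
    for ts in range(around - window, around + window + 1):
        if keystream_xor(key_from_time(ts), head) == MAGIC:
            return ts
    return None


def demo():
    """Encrypt with a time-seeded key, then recover it from the file's mtime."""
    ct = keystream_xor(key_from_time(ENCRYPT_TIME), PLAINTEXT)
    seed = recover_seed(ct, FILE_MTIME, 3600)  # one hour either side: 7201 tries
    return seed, keystream_xor(key_from_time(seed), ct)


if __name__ == "__main__":
    print(demo())
```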