New ransomware leaves decryption key on victims’ computer
Posted by: Timothy Weaver on 04/01/2014 08:23 AM
CryptoDefense, a malicious software program that encrypts a person’s files until a ransom is paid, has a crucial error according to Symantec: it leaves the decryption key on the victims’ computer.
Symantec wrote on its blog that CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the encryption and decryption keys.
As with other ransomware, files are encrypted by CryptoDefense using a 2048-bit RSA key.
Symantec wrote: “Due to the attacker’s poor implementation of the cryptographic functionality they have quite literally left their hostages with a key to escape.” The private key is also stashed on the user’s computer in a file folder with application data.
This ransomware demands a payment of either US$500 or €500 within four days. If the ransom is not paid in that time, it doubles.
CryptoDefense is sent out in a spam message with a PDF as the payload. Symantec said it has blocked 11,000 CryptoDefense infections in more than 100 countries.