The evolution of encryption malware
Posted by: Timothy Weaver on 04/10/2014 11:01 AM
Security vendor Symantec, in its latest Internet Security Threat Report, said it saw a 500 percent increase in the number of attempts across its customer base in 2013 to install encrypting malware. Such malware includes CryptoLocker, CryptorBit and HowDecrypt.

Director of Symantec’s security response team, Kevin Haley, said: “It’s the perfect kind of criminal scam. You get people scared and not thinking, and you can make a lot of money out of it.”
Typically, encryption malware sends the plain-text private key needed to unlock the data back to the cybercriminals’ server. CryptoDefense used Microsoft’s Data Protection API (application programming interface), a tool in the Windows operating system, to encrypt a user’s data. However, the criminals didn't know that the Data Protection API stored a copy of the encryption keys on a victim’s computer.
On March 31, Symantec published a blog post detailing the error. Two days later, it removed the information. The company had second thoughts about releasing that bit of information, since most users unfamiliar with RSA encryption wouldn’t know what to do with it.
And then the cybercriminals fixed it.
