File-encrypting Trojans are becoming so complex that security companies could soon be powerless to reverse their effects, a new report from Kaspersky Lab has said.
The report notes the rapid evolution of the public key encryption used by one family of crypto malware, Gpcode, which went from using 56-bit to 660-bit RSA in a matter of weeks.
Trojans that encrypt data files on a user’s PC before demanding a payment in return for supplying the key to unlock the files, commonly termed “ransomware,” have come from nowhere in recent months to become a measurable problem.
At the time of the Gpcode.ag discovery in June, Kaspersky described the process required to decrypt such a key as equivalent to setting a 2.2GHz PC to work for 30 years.
In the event, the company managed to work out the key using a technique it was unwilling to reveal.
“We were able to decrypt 330 and 660-bit keys within a reasonably short space of time,” said Aleks Gostev of Kaspersky Lab. “But a new variant with a longer key could appear at any time. If RSA, or any other similar algorithm which uses a public key, were to be used in a new virus, antivirus companies might find themselves powerless, even if maximum computing power was applied to decrypting the key,” he warned.
Gostev raised the alarming possibility that victims could at some point in the near future have their files encrypted in such a way that the security industry would not be able to issue a fix. If this comes to pass—and Kaspersky’s claims that the day is not far off are plausible—it will mark an important moment for the whole software security industry.
The obvious answer could be simply not to allow ransomware onto a PC in the first place, an approach that Gotsev and other security companies will be keen to stress.
The other defense will have to be more assiduous pursuit of the distributors of such products, or novel technical solutions that prohibit the low-level interference with a computer’s files system necessary for encryption to happen in the first place.
“Unfortunately, the authors behind the Gpcode, Cryzip and Krotten ransomware are still free,” said Gostev. “However, even if they are arrested, there’s nothing to prevent other malicious users from implementing such techniques in order to make money.”
-John E. Dunn, Techworld.com (London)
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.