File-encrypting Trojans are becoming so complex that security companies could soon be powerless to reverse their effects, a new report from Kaspersky Lab has said.The report notes the rapid evolution of the public key encryption used by one family of crypto malware, Gpcode, which went from using 56-bit to 660-bit RSA in a matter of weeks.Trojans that encrypt data files on a user’s PC before demanding a payment in return for supplying the key to unlock the files, commonly termed “ransomware,” have come from nowhere in recent months to become a measurable problem. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe At the time of the Gpcode.ag discovery in June, Kaspersky described the process required to decrypt such a key as equivalent to setting a 2.2GHz PC to work for 30 years. In the event, the company managed to work out the key using a technique it was unwilling to reveal.“We were able to decrypt 330 and 660-bit keys within a reasonably short space of time,” said Aleks Gostev of Kaspersky Lab. “But a new variant with a longer key could appear at any time. If RSA, or any other similar algorithm which uses a public key, were to be used in a new virus, antivirus companies might find themselves powerless, even if maximum computing power was applied to decrypting the key,” he warned. Gostev raised the alarming possibility that victims could at some point in the near future have their files encrypted in such a way that the security industry would not be able to issue a fix. If this comes to pass—and Kaspersky’s claims that the day is not far off are plausible—it will mark an important moment for the whole software security industry.The obvious answer could be simply not to allow ransomware onto a PC in the first place, an approach that Gotsev and other security companies will be keen to stress.The other defense will have to be more assiduous pursuit of the distributors of such products, or novel technical solutions that prohibit the low-level interference with a computer’s files system necessary for encryption to happen in the first place.“Unfortunately, the authors behind the Gpcode, Cryzip and Krotten ransomware are still free,” said Gostev. “However, even if they are arrested, there’s nothing to prevent other malicious users from implementing such techniques in order to make money.”-John E. Dunn, Techworld.com (London)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 CIO 100 CIO 100 feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Generative AI Machine Learning feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management opinion Four questions for a casino InfoSec director By Beth Kormanik Sep 21, 2023 3 mins Media and Entertainment Industry Events Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe