
Ransomware news: Mistake makes decryption key accessible to victims

Unless they have avoided all connected devices and Internet resources for the past six months or so, or have literally been living under a rock, users have likely heard of one of the most impactful types of malware to emerge recently: ransomware.

In this style of attack, owners are prevented from accessing any content on their PCs and are notified with some type of alert that their files have been encrypted. The notice also states that unless the person pays the ransom, which can range from hundreds to thousands of dollars, he or she will not receive the decryption key and will not be able to unlock their files.

A number of organizations and individuals have fallen victim to this scheme recently, illustrating one of three outcomes: The administrator pays the ransom and receives the decryption key (which does not often occur), the user pays the ransom and receives nothing (which happens more often than white hats would like) or the device owner opts not to take action and leaves their files encrypted in the hopes of finding an alternative solution.

Ransomware mistake: Accessible decryption key
A hacker's ransomware attack hinges on encryption technology, which scrambles content, making it unreadable to anyone without the proper key. However, IDG News Service contributor Jeremy Kirk recently reported that security researchers discovered a fatal flaw in a ransomware program that leaves the decryption key stored within the victim's system.

One of several ransomware programs currently on the malware market, CryptoDefense utilizes a 2048-bit RSA encryption key. However, Kirk stated that the software's developer obviously did not realize that the private decryption key gets stored on the attacked system upon infection.

"Due to the attacker's poor implementation of the cryptographic functionality they have quite literally left their hostages with a key to escape," stated a security firm that first discovered the flaw.

However, the firm also noted that the decryption key is archived in such a way that the average user is not likely to possess the necessary technical skills to seek out the key on their infected device.

Tips for preventing ransomware
As the typical individual is unlikely to be able to solve this issue themselves, it is important that users understand best practices for preventing an infection in the first place.

PCWorld contributor Eric Geier advised that systems be kept as up to date as possible, including installing any security patches for software programs to avoid leaving weak points. Individuals can also utilize encryption to protect sensitive content as a means to turn the tables on attackers and leverage their infection strategy against them.
