help, cryptolocker, I have no options other than to decrypt

provoko (Gawd, joined Aug 6, 2004, 656 messages)
So basically my brother got infected by cryptolocker, so his files are encrypted. Ransom won't work, decrypt server is toast, this is a virus out of control.

Seems like it's also impossible to decrypt once you're infected. But I was thinking, I'll take that challenge. I have a super fast computer: 32 thread, 64GB machine w/ GTX 660 Ti w/ 1344 CUDA cores.

If I gotta be the first person to decrypt, fine, I'll be the first.

I'm going to get the public key from the Windows registry, if it's still there, here, I think:
HKCU\Software\CryptoLocker, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Cryptolocker, others?

If I have no public key to crack... can I generate enough public and private keys to crack a file at random? I was reading this is encrypted using RSA... again, think of the power of my computer! =) If I gotta rent space on AWS, FINE I will.

I'm gonna use an Ubuntu CD to copy his personal files, including the encrypted files; hopefully not all his files are encrypted...

Red Squirrel ([H]F Junkie, joined Nov 29, 2009, 9,211 messages)
I doubt these programs actually DO encrypt the data, they probably scramble it in a way that's not reversible or literally just replace them with junk. They just want gullible people to pay thinking they'll get their data back, but when they do pay, they're still not getting their data back. At least that's my guess.

Consider it deleted, and start restoring from a backup after clean installing the machine.

provoko (Gawd, joined Aug 6, 2004, 656 messages)
> I doubt these programs actually DO encrypt the data, they probably scramble it in a way that's not reversible or literally just replace them with junk. They just want gullible people to pay thinking they'll get their data back, but when they do pay, they're still not getting their data back. At least that's my guess.

I had the same guess, I was definitely mistaken:
http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/

Red Squirrel ([H]F Junkie, joined Nov 29, 2009, 9,211 messages)
Ha that is interesting. I did not figure a virus writer would go to those lengths.

This also shows the importance of offline backups, it looks like this will even do mapped drives. Pretty nasty.

k1pp3r ([H]F Junkie, joined Jun 16, 2004, 8,263 messages)
Oh yeah, this one is fun. I have had it fully encrypt a network share when a users PC got infected with it.

This is pure nasty and we have not been able to recover from it without restoring from a backup.

Blue Fox ([H]F Junkie, joined Jun 9, 2004, 11,814 messages)
You're never going to break a 2048 bit key no matter how much computing power you have access to unfortunately. If you can't pay the ransom and don't have backups, the data is gone forever.

Blackjack ([H]ard|Gawd, joined Oct 29, 2007, 1,340 messages)
Unless you have some really good friends at the NSA, you're better off hiring a monkey to randomly type 1's and 0's until it happens to reproduce the files that were encrypted. Restoring from backup is the only option that won't take upwards of 5 million years. And if you don't have a backup, well... lesson learned.

mngl1500 (2[H]4U, joined Feb 28, 2005, 3,457 messages)
Updates, backups and software policies to not let software run in appdata.

Otherwise kiss your data goodbye.

Brak710 ([H]ard|Gawd, joined Oct 27, 2008, 1,424 messages)
This is a real encryption put on the files, and with current technology (and foreseeable future technology)... it's irreversible other than having that private key to decrypt.

Not even the NSA x 100 could figure out how to get your documents back.

Red Squirrel ([H]F Junkie, joined Nov 29, 2009, 9,211 messages)
> Not even the NSA x 100 could figure out how to get your documents back.

That's what they want us to think. I'm sure they have ways that probably don't involve brute force, or simply enough computing power for brute force to work anyway. Of course you can't just show up at their office with a laptop and ask them to decrypt it for you. :D

dave99 (2[H]4U, joined Jan 20, 2011, 2,129 messages)
Rename your important files to "jihadplot1againsttheinfidels.doc", maybe the NSA will decrypt for you...

dave99 (2[H]4U, joined Jan 20, 2011, 2,129 messages)
This virus should be a wakeup call for everyone: you've got to have multiple copies of your critical data, including offsite, and it HAS to have versioning features. Otherwise, if you aren't paying attention, encrypted files will just transmit to your offsite backup and overwrite the good ones. This has made me go through all my stuff, and more importantly my clients' servers. Make sure shadow copies are configured and running correctly on the servers that host the shared drives. Make sure backups (on and offsite) are running, and you are keeping multiple backups. Makes me glad for ZFS and its snapshotting capabilities (what I use to host my clients' offsites).

reddit thread with all sorts of valuable info:
http://www.reddit.com/r/sysadmin/comments/1p32lx/cryptolocker_recap_a_new_guide_to_the_bleepingest/

Blue Fox ([H]F Junkie, joined Jun 9, 2004, 11,814 messages)
Hah, no. No one is cracking anything. Since I have nothing better to do, here are some fun statistics. The most complex RSA number that has been factored is 768 bit as far as I'm aware. It was done on a sizeable cluster of servers. The group behind it estimated that a single node would have taken 55 years to factor it. These were Opteron 148s and my estimates put them at 4 gigaflops. A 1024 bit number takes about 1024 times the computing time to factor compared to a 768 bit one and a 2048 one about 4.3 billion times that of a 1024 bit one. So, we're looking at 4.4 trillion times the time or 242 trillion years for our poor Opteron 148.

Now to put that all in perspective, the current top supercomputer in the world is Tianhe-2 with about 34 petaflops of computing power. 34 petaflops is about 8.5 million of our Opterons. However, if things scaled linearly, that's still 28.5 million years... should you somehow persuade the Chinese. Now of course this is all assuming things scale up, but even if I'm off by a factor of, say, 10000, that really doesn't change anything.
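The arithmetic in the post above, worked through as an added example (not code from the thread or any poster), with the standard GNFS cost heuristic L_n[1/3, (64/9)^(1/3)] computed alongside it for comparison. The constants are the ones quoted in the post; the heuristic drops the o(1) term, so its ratios are ballpark only.

```python
import math

# Figures quoted in the post above (taken from the thread, not measured here)
SINGLE_NODE_YEARS_768 = 55      # one Opteron 148 factoring RSA-768
OPTERON_GFLOPS = 4              # the poster's estimate for that CPU
TIANHE2_PFLOPS = 34             # Tianhe-2 peak, as quoted
SCALE_768_TO_1024 = 1024        # poster's rule of thumb
SCALE_1024_TO_2048 = 4.3e9      # poster's rule of thumb


def gnfs_work(bits: int) -> float:
    """Natural log of the GNFS heuristic cost L_n[1/3, (64/9)^(1/3)] for an
    n-bit modulus, without the o(1) term. Returning the log keeps the ratio
    between key sizes computable without overflow."""
    ln_n = bits * math.log(2)
    return (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def gnfs_ratio(bits_from: int, bits_to: int) -> float:
    """How many times harder bits_to is than bits_from under the heuristic."""
    return math.exp(gnfs_work(bits_to) - gnfs_work(bits_from))


def author_estimate() -> dict:
    """Reproduce the thread's back-of-envelope numbers step by step."""
    years_1024 = SINGLE_NODE_YEARS_768 * SCALE_768_TO_1024
    years_2048 = years_1024 * SCALE_1024_TO_2048
    # peta / giga = 1e6, so this is how many Opterons one Tianhe-2 is worth
    opterons_in_tianhe2 = TIANHE2_PFLOPS * 1e6 / OPTERON_GFLOPS
    return {
        "single_opteron_years_2048": years_2048,
        "opterons_in_tianhe2": opterons_in_tianhe2,
        "tianhe2_years_2048": years_2048 / opterons_in_tianhe2,
    }


if __name__ == "__main__":
    est = author_estimate()
    print(f"single Opteron 148, RSA-2048: {est['single_opteron_years_2048']:.3g} years")
    print(f"Tianhe-2, linear scaling:     {est['tianhe2_years_2048']:.3g} years")
    print(f"GNFS heuristic 768 -> 1024:  x{gnfs_ratio(768, 1024):.0f}")
    print(f"GNFS heuristic 1024 -> 2048: x{gnfs_ratio(1024, 2048):.3g}")
```

The heuristic gives roughly x1200 for 768 to 1024 bits and about x1e9 for 1024 to 2048, the same order of magnitude as the post's 1024 and 4.3 billion, so the conclusion does not depend on the exact constants.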