9

If I protect my files with password and use rar or zip files to store these files. Can ransomware encrypt password protected files?

Anders
  • 64,406
  • 24
  • 178
  • 215
Khan
  • 123
  • 2
  • 4
  • 57
    Does putting my valuables in a lockbox prevent someone else from locking them in a bigger box? – R.. GitHub STOP HELPING ICE Oct 05 '16 at 20:09
  • Yes. To access them you'll have to decrypt the ransomware's encryption, and then decrypt the rar/zip file encryption. – user253751 Oct 06 '16 at 06:00
  • Notice that the term "password *protected*" may be misleading. The *file* is not "protected" by the password. Its content is merely encrypted which protects the content from being interpreted by anyone not knowing the password. The files can still be destroyed by (over)writing or deletion, only the plain text version of the content remains inaccessible to third parties. – JimmyB Oct 06 '16 at 09:20

4 Answers4

22

Yes. The zip or rar file will be encrypted like all other files so that they are useless for you. The only protection is making backups to another physical storage.
This will help independantly of whether the files are in a password protected rar or zip format.

kaidentity
  • 2,634
  • 13
  • 30
9

At the OS level, a file whatever is its content or structure is nothing more than a sequence of bytes. That means that the sequence of bytes can be read, encrypted and written again (in a crypted version) regardless of whether it was originally a text file, a JPEG image, or a ZIP archive.

So yes, password protected files will be encrypted by the ransomware. At at decryption time (if you pay) you will get back a copy of the original files that will still need the original password to be used, because the copy occured at the byte sequence level.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
7

Think of your zip as a house (with your data inside the house). Your house has a locked door. The ransomware builds a house around your house with its own lock. You cannot get inside your house unless you can get inside the ransomware's house.

CobaltHex
  • 171
  • 2
  • 2
    The only problem with this metaphor is that it's highly impractical to build a house around another house. But still fun to think about haha. – Shelby115 Oct 06 '16 at 03:02
  • 1
    It's more like they hire 100 thugs to surround your house and prevent you from going in. – Nelson Oct 06 '16 at 05:38
  • Maybe the simpler analogy would be building a barrier around your house? – Jean Hominal Oct 06 '16 at 07:12
  • building a moat around your castle – CobaltHex Oct 06 '16 at 08:07
  • @Shelby115 Just because it's impractical doesn't mean it hasn't been done :P The basilica (ok, so it's not _technically_ a house) in [Loyola](https://en.wikipedia.org/wiki/Sanctuary_of_Loyola) is built around the family home of the founder of the Jesuit order. Mind you, I don't think it was done without anybody noticing until after it was built, unlike how ransomware works. – Iker Oct 06 '16 at 08:26
  • 2
    @Iker It's an interesting question, tho': With sufficiently modular prefabs, trained builders and a long winter night; how big of a house could one build a new house around overnight (which is close enough to 'nobody noticing' in the real world, I'd say)? – Williham Totland Oct 06 '16 at 11:22
1

Can you put a password-protected zip file into another password-protected zip file? The answer here is yes, and you can try this out yourself. Ransomware does essentially the same thing, but this time you don't know the password to the outer file.

The reason this works is that encryption and decryption is just a way to turn one sequence of bytes into another sequence in a way that makes use of the password. Whether the input of this was produced by yet another encryption does not matter, since the meaning of the sequence of bytes is irrelevant for the process.

wizzwizz4
  • 273
  • 3
  • 9
MvG
  • 745
  • 5
  • 10