2

Inspired by the article The future of Ransomware and its description of possible ransomware with verifiable key delivery, I wonder if the idea can be taken further into ransomware that credibly threatens publication unless a payment is made, yet verifiably destroys the data if it receives payment.

Let us first make some (probably not entirely reasonable) assumptions:

  1. The attacker can maintain control, despite attempts of the security community, of sufficient network resources to exfiltrate data from infected computers with internet connection at a rate of, say, 10 Gbit/s globally (i.e. the bandwidth from all victims combined), and resources to store all data downloaded over that connection.
  2. The attacker possesses a decent heuristic for detecting blackmail-worthy files. The idea is just to avoid almost all of the downloaded data being worthless junk like Windows swap files. (Though it would probably be impossible to avoid the security community deliberately feeding junk designed to trigger the heuristic.)

Would it be possible for a sufficiently motivated attacker to develop ransomware using modern CPU "secure enclave" technologies and e.g. Ethereum that encrypts files and transmits them to the attacker, but in such a way that the attacker can only choose to either decrypt the files or to receive payment, but not both?

For example, is it possible for the attacker to verifiably create an enclave that he runs on his backend computers that either allows releasing funds transferred to an account securely created inside it or to decrypt the files, have that enclave attest itself to the ransomware, and to publish the code running in that enclave so that others can verify that functionality?

Sami Liedes
  • 121
  • 1
  • I think this would have to rely on trust, as some answers have pointed out that it's not possible. If a particular ransomware variant has a reputation for being trustworthy, then I feel like it could work. Establishing this trustworthiness may be easier said than done though. – Awn May 14 '17 at 20:19
  • To be more specific: The real problem with your enclave idea is that you wouldn't find anyone you could trust who'd be willing to audit the enclave code and declare it trustworthy. Look at how few public security audits are done on important software. Look at how long Truecrypt went without one. I can't imagine anyone would be willing to do a security audit on ransomware, of all things. You'd be helping the bad guys if you declared it's trustworthy. – Out of Band May 14 '17 at 21:45

2 Answers2

2

I don't think it's possible to prove that you DON'T know a piece of information.

This is relevant to your question because in order to guarantee that he won't publish your files after payment is received, the attacker would have to prove that he no longer has the decryption key for your data.

Since there was a moment in time where the attacker did have access to that key (when he encrypted the data on your hard drive), he'd have to credibly prove that he couldn't have made a copy of the key.

There's several moments where he could have done that: First, while exfiltrating your data to his backend, he could have used a covert channel to send a copy of the encryption key from your machine to somewhere else.

Second, he could embed a bit of code into the decryption routine that runs after you pay which would send the decryption key out to him either right then, or at some later time.

Third, he could install a man in the middle between you and his secure enclave, and intercept the traffic between your machine and his enclave. Since his "man in the middle" was actually friendly (to him), he could provide it with the encryption key used to encrypt the traffic between you and his endpoint, and you'd never know, because it wouldn't be part of the code you could audit.

Fourth, even if he gave you proof that the code running in his security enclave was the one he gave you to audit, you'd a) actually have to audit the code, to make sure it didn't somehow leak the key or your data, and b) as long as he sat at the other end of a network connection, how could you ever be sure that what he had on his side actually was a secure enclave with the security guarantees you needed, and not just something masquerading as one? You're probably thinking digital signatures, and I'm thinking "complex system, probably faulty".

Out of Band
  • 9,150
  • 1
  • 21
  • 30
  • Well, the enclave, whose code we know, would attest itself to the ransomware, proving that it is running precisely that code and that it runs in a secure enclave (like SGX or TrustZone), therefore inaccessible to the hosting computer. The attacker could eavesdrop for the data exactly like any man in the middle, but would only receive it in encrypted form. I believe it's entirely within current technology to have a TLS connection endpoint in a secure enclave. – Sami Liedes May 14 '17 at 21:02
  • So, it is my impression, which *might* be wrong, that nothing in a secure enclave inherently requires any code running in the enclave to be secret. Essentially, a secure enclave is like a black box computer to which you have a network connection, and which can attest (prove) that it was bootstrapped using a piece of code with a certain cryptographic hash. The trust, I believe, is in the secret key in the CPU which signs the attestation, and its certificate from the CPU vendor. – Sami Liedes May 14 '17 at 21:07
  • "but would only receive it in encrypted form": Yes, but your attacker would have to prove to you that he didn't know the private key for the TLS endpoint in the enclave, and in order to prove that, he'd need to prove that it was generated and quarantined inside the enclave, without him ever being able to access it. It also means your enclave needs to hold an SSL library, which means lots of code. You'd need to audit all the code in order to make sure it doesn't do funny stuff, and while that *might* be theoretically possible, I doubt it's doable in practice. Complexity kills you. – Out of Band May 14 '17 at 21:25
  • Proving that data was securely and unobservably created in an enclave is exactly what the enclaves and attestation are designed for. Yes, the enclave would have to be somewhat complex; however almost any use case for secure enclaves will have to have TLS or similar encrypted transport endpoint capabilities, and it's not hard to find code for that. I agree that pulling off this in practice would be hard; I'm just interested in the theory :) The article I referenced also talks about entirely autonomous ransomware, which I think is even more wild and speculative. – Sami Liedes May 15 '17 at 08:29
2

I don't see any way how this could be possible. When you have a copy of data, there is no way to prove that no other copy of that data exists, because you can not prove a negative. Trying to prove a negative in this case would mean to account for every single storage medium ever built and proving that it is either owned by someone who is not the attacker or doesn't contain this information right now. And that would not only be unfeasible, but would also require to deanonymize the attacker.

Your strategy depends on the criminal to claim "yes, I have a copy of your data, but I can not access that data until a week from now on, and then that data will be deleted". Maybe there is a 3rd party service which provides this functionality and which you can trust. But if the criminal had the technical ability to exfoliate your data and give it to that service, they could also have made a copy in a different place. There is no way for them to disprove that, because while you can prove knowledge of information, you can not prove lack of knowledge. If you think otherwise, please prove that you do not know my stackexchange password (the fact that you didn't log into my account yet proves nothing - you are obviously waiting for the right moment).

This is a general problem of blackmail with information. It gives the blackmailer power over the victim as long as the information is valuable, because it is never possible to prove that every copy of a piece of information was destroyed. The victim would have to trust the blackmailer. But the blackmailer has already acted unethically towards the victim, so there is no reason to trust them. So the only valid "business" model for this kind of crime is continuous exploitation.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • See my answer to Pascal's comment... – Sami Liedes May 14 '17 at 21:02
  • 1
    @SamiLiedes Your comment focuses on the enclave. But that's not the only point where the malware might have sent the data. Keep in mind that software can change its own code (lots of malware does that to make detection harder). So looking at the malware itself to verify that it has no such feature would be pointless. It could simply change its own code to remove that routine (plus the changing-routine itself) after it sent the key to the attacker's other server. – Philipp May 14 '17 at 21:26
  • I agree that is possible. However, malware spreading in the wild certainly can be analyzed, and in all major cases is. So, yes, it would be possible for the attacker to try and attack individual targets with malware that reveals the key to the attacker (and not only the enclave), but he risks being detected. – Sami Liedes May 15 '17 at 08:17