Is it possible to crack ransomware encryption if I have 2 versions of a file: before and after the encryption? Are there any tools for such a thing?

schroeder
Ori Price
    You want to construct the encryption key using the original plaintext file? This is a very, very difficult thing to do. – schroeder Jul 06 '15 at 18:38

4 Answers

5

I'm sure there are tools out there to assist in the process, but I can't think of any off of the top of my head.

The "attack" you would use to break the encryption would be a known-plaintext attack, since you have an unencrypted (plaintext) and an encrypted (ciphertext) version of the same file. If you could change the plaintext and re-encrypt it, you could turn the process into a chosen-plaintext attack, which is slightly easier to break. Depending on the ransomware, though, it might not use the same encryption technique every time.

Knowing the steps taken to get from one state to the other would require figuring out or breaking the encryption used and as schroeder said this is a very difficult thing to do. It would likely require millions of processing core hours to do.

JekwA
3

Given that the term ransomware applies to an entire class of malicious software and not code from a single entity with a single algorithm, anything is possible, but it is highly unlikely.

The scenario you describe is called a known plaintext attack and it was useful in breaking WWII (1940s) era cryptography but it is something that modern ciphers are specifically designed to defend against. A modern cipher that can be attacked faster than brute force by using plaintext and ciphertext is considered broken.

https://en.wikipedia.org/wiki/Known-plaintext_attack

So if the author properly implemented AES it is immune to plaintext cryptanalysis. It is possible the malware author was grossly incompetent but I doubt it.

Gerald Davis
1

In addition to JekwA's answer, it is important to consider that some ransomware (e.g., CryptoLocker) encrypts each file with its own unique random symmetric key.

This symmetric file encryption key is then encrypted with a unique (for each victim) RSA public key and saved with the encrypted file. Thus the file can really only be recovered if you pay for the RSA private key.

In this case, figuring out the key for any given file would not help you at all with the other files. In fact, the ransomware probably operates this way to defeat this kind of counter-attack. So, really the only recourse you have is factoring the RSA public key modulus, which is impossible (in practice).

hft
1

If the ransomware developers have used the crypto wrong, or if they have made other implementation errors, then there might be a big advantage for the person doing the recovery. One example is TorrentLocker, which used a stream cipher with the same key for every file. This made it extremely simple to recover from the malware, as all files could be recovered if one copy of an original file was available.

If you have an actual infection, you could try to find some similar blog posts about the specific ransomware in question. Developers get crypto wrong all the time, I bet it happens to malware developers as well.

Juha Kivekäs
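As an added illustration of the keystream-reuse flaw described in the answer above (example code written for this page, not TorrentLocker's code or any published recovery tool): with one intact backup of a file and its encrypted copy, the keystream is simply plaintext XOR ciphertext, and it decrypts every other file up to the length of the known pair. The XOR stream-cipher stand-in, the fixed keystream and the sample files are all constructed for the demonstration; the `keystream_reused` check is the sanity test a responder should run on a second file pair before trusting the recovery.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings up to the length of the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known plaintext: keystream = P XOR C. Only as many keystream bytes
    as the known pair is long can be learned."""
    return xor_bytes(plaintext, ciphertext)


def keystream_reused(pair_a, pair_b) -> bool:
    """Sanity check before trusting the recovery: keystreams derived from two
    different (plaintext, ciphertext) pairs must agree on their common prefix."""
    ks_a, ks_b = recover_keystream(*pair_a), recover_keystream(*pair_b)
    n = min(len(ks_a), len(ks_b))
    return n > 0 and ks_a[:n] == ks_b[:n]


def recover_file(ciphertext: bytes, keystream: bytes):
    """Decrypt another file encrypted under the same keystream.
    Returns (recovered prefix, number of trailing bytes NOT recoverable)."""
    recovered = xor_bytes(ciphertext, keystream)
    return recovered, len(ciphertext) - len(recovered)


# Constructed stand-in for the flawed malware: one fixed keystream for every
# file. Real recovery would use the victim's own before/after pair instead.
_SIM_KEYSTREAM = os.urandom(4096)


def simulate_flawed_encrypt(data: bytes) -> bytes:
    return xor_bytes(data, _SIM_KEYSTREAM)


# Constructed sample files: a document with an intact backup copy, and a
# longer file for which no original exists.
BACKUP = b"%PDF-1.4 quarterly report, intact copy from backup\n" * 10
OTHER_FILE = b"PK\x03\x04 invoices.zip " + bytes(range(256)) * 3


def demo():
    ks = recover_keystream(BACKUP, simulate_flawed_encrypt(BACKUP))
    # Everything past the length of the known pair stays unrecoverable.
    return recover_file(simulate_flawed_encrypt(OTHER_FILE), ks)
```

The tail of `OTHER_FILE` beyond the known pair's length comes back as a byte count of unrecovered data rather than garbage, so the responder knows exactly how much of a file was restored.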