Can I determine a ransomware decryption key, given an encrypted file and its original?

0

I've recently been victim of a ransomware attack. I lost some of my files, but I have some of them backed up. If I have, for example, the same txt file, one of them encrypted and the other exactly the same without encryption, couldn't I decrypt the key and later on decrypt all my files?

How could that be done?

Mark Stuart

Posted 2016-01-10T19:46:02.317

Reputation: 1

2

Only if you have the encryption key, and you don't, nor can you get it. So no, you cannot. – Moab – 2016-01-10T19:47:39.657

No; encryption does not work like that – Ramhound – 2016-01-10T20:04:04.613

3

However, for some specific ransomware, keys are available: see https://noransom.kaspersky.com/ for a list.

– DrMoishe Pippik – 2016-01-10T20:05:12.527

Even more, @Moab, if one has the encryption key, then for asymmetric cryptography one still would not have the decryption key.

– Arjan – 2016-01-10T21:29:46.007

That's why it is called ransomware: you don't pay the ransom, you don't get your data back, ever. – Moab – 2016-01-10T22:07:38.700

Or, if you have good backups (like everyone should, but few really have), then you wouldn't have to worry about this at all; just erase & reinstall. – Xen2050 – 2016-01-14T02:22:47.507

Answers

1

If you have one file that's not encrypted and a file that is encrypted, then why decrypt the file that's encrypted if you already have a secondary copy that's not encrypted?

Encryption works with both private and public keys. Both keys have to match in order for the data to be decrypted. Also, keep in mind that Master Encryption Keys (MEKs) are also in the mix for file-level encryption. Encryption is all the same but can be done with different flavors, such as SHA1, SHA2, AES-128, AES-256, etc. What these different flavors provide is more robust encryption, thus making it harder for people to crack.

Here is how Comodo describes encryption with Public and Private keys:

The Public and Private key pair comprises two uniquely related cryptographic keys (basically long random numbers). Below is an example of a Public Key:

3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744 2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001

The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form.

As only Alice has access to her Private Key, it is possible that only Alice can decrypt the encrypted data. Even if someone else gains access to the encrypted data, it will remain confidential as they should not have access to Alice's Private Key.

Public Key Cryptography can therefore achieve Confidentiality. However another important aspect of Public Key Cryptography is its ability to create a Digital Signature.

There would be no real way of getting your data back from the ransomware encryption without having the MEK or Private Key. Some preventative measures to take in the future would be to set up daily backups and store the data on a storage device not on your machine. Invest in really good security software, such as Bit Defender 2016, because it'll have machine learning built in to learn your habits as well as an anti-ransomware feature to protect specified directories. And of course, be careful of the links you click on and the software you download and install.

mjaestewart

Posted 2016-01-10T19:46:02.317

Reputation: 37

A bit of correction: SHA-1, SHA256 aren't encryption. They're hashing algorithms, which take an input and output a seemingly random fixed-length string with NO WAY of doing the reverse. – Kurumi Gaming – 2018-06-22T18:38:52.723

0

No, that would only work for very simple grade-school level encryption. For example, IBM becomes HAL if you "go back one" for each letter, effectively subtracting "A" from each letter. Instead of a single letter, you could subtract your password; e.g. "CAT": 3 for the first letter, 1 for the second, and 20 for the third. You can do that repeatedly for the entire document. That's the sort of scheme for which you can derive the password when you have the original and result.

Unfortunately, ransomware encryption is much more complicated and robust.

Ken

Posted 2016-01-10T19:46:02.317

Reputation: 7 497
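The contrast Ken draws, worked through as an added example (this is not code from the answer, and not what any ransomware family actually runs). The first half implements the "subtract the password" scheme exactly as described, with A=1 through Z=26 so that "CAT" means shifts of 3, 1 and 20, and shows that an original/encrypted pair gives the password back directly. The second half uses an HMAC-SHA256 counter-mode keystream with a fresh per-file nonce as an assumed stand-in for a modern cipher; there, the same pair only leaks the keystream of that one file, which neither decrypts a second file nor reveals the key. The function names and the two sample "report" strings are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from itertools import cycle

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


# ---- Part 1: the grade-school scheme from the answer ----------------------

def letter_value(ch: str) -> int:
    """A=1 ... Z=26, so that 'CAT' means shifts of 3, 1 and 20."""
    return ALPHABET.index(ch) + 1


def shift_encrypt(plaintext: str, key: str) -> str:
    """Subtract the repeating key word from the text, letter by letter."""
    return "".join(
        ALPHABET[(ALPHABET.index(p) - letter_value(k)) % 26]
        for p, k in zip(plaintext, cycle(key))
    )


def shift_decrypt(ciphertext: str, key: str) -> str:
    """Add the repeating key word back on."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + letter_value(k)) % 26]
        for c, k in zip(ciphertext, cycle(key))
    )


def recover_shift_key(plaintext: str, ciphertext: str, max_len: int = 32) -> str:
    """Each position leaks its own shift, and the shifts repeat with the key's
    period, so the shortest repeating prefix of the leaked shifts is the key."""
    shifts = [(ALPHABET.index(p) - ALPHABET.index(c)) % 26
              for p, c in zip(plaintext, ciphertext)]
    leaked = "".join(ALPHABET[(s - 1) % 26] for s in shifts)
    for n in range(1, min(max_len, len(leaked)) + 1):
        if all(leaked[i] == leaked[i % n] for i in range(len(leaked))):
            return leaked[:n]
    return leaked


# ---- Part 2: a modern-style stream cipher (assumed stand-in) ---------------

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: every block is a one-way function of the
    secret key and a per-file nonce, so the stream never repeats across files."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)  # fresh nonce for every file
    return nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def stream_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(body, keystream(key, nonce, len(body)))


def recover_keystream(plaintext: bytes, blob: bytes) -> bytes:
    """What an original/encrypted pair really leaks: the keystream that was
    used for THAT file, not the key that produced it."""
    return xor_bytes(plaintext, blob[NONCE_LEN:])


def known_pair_demo() -> dict:
    """Encrypt two files under one key, then see what the backed-up copy of
    the first one buys you against the second."""
    key = os.urandom(32)                            # the ransomware's secret
    original = b"quarterly report: revenue up 4%"   # constructed: we have a backup
    other = b"quarterly report: revenue up 9%"      # constructed: no backup
    enc_original = stream_encrypt(key, original)
    enc_other = stream_encrypt(key, other)
    leaked = recover_keystream(original, enc_original)
    return {
        "decrypts_same_file": xor_bytes(enc_original[NONCE_LEN:], leaked) == original,
        "decrypts_other_file": xor_bytes(enc_other[NONCE_LEN:], leaked) == other,
        "reveals_key": leaked == key,
        "legit_decrypt_works": stream_decrypt(key, enc_other) == other,
    }


if __name__ == "__main__":
    c = shift_encrypt("ATTACKATDAWN", "CAT")
    print("grade-school:", c, "->", recover_shift_key("ATTACKATDAWN", c))
    print("modern-style:", known_pair_demo())
```

The first half recovers "CAT" from a single plaintext/ciphertext pair, which is the derivation Ken describes. In the second half `decrypts_same_file` is true only because you already had that file in the clear; `decrypts_other_file` is false because the second file was encrypted under a different nonce, and `reveals_key` is false because the keystream is an HMAC output that cannot be run backwards to the key. Real ransomware adds a further layer on top of this (a per-file or per-victim symmetric key that is itself encrypted with the attacker's public key), which is why Arjan's comment about asymmetric keys applies as well.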