Shhhh. Ix-nay on the EE-I-A-say!!
Effectively unbreakable encryption isn’t very hard to accomplish.
It took DirecTV 10 years to come up with one
It is actually amazingly hard to do in practice. The theory is one thing. To implement it right is very, very hard.
E.g., people cut corners. One of the early ransomware programs simply did an xor on the files. Lots of easy ways to undo that. E.g., have an original of just one of the files? Xor that with the “encrypted” one and you have the xor key to decrypt them all.
There was also one where researchers figured out the encryption pair creation algorithm enough that they provided a service to victims: send in the key the virus used and they’d provide the decryption key for free.
Given that the encryption side of WannaCry isn’t from the NSA rootkit, who knows how sloppy they were on that? (They were sloppy about some other matters.)
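The XOR shortcut described above, as an added illustration (not code from this thread); the key, the two files and the "encrypted" copies are all constructed sample data:

```python
# Added illustration (not code from the thread): a known-plaintext recovery of a
# repeating XOR "encryption" key, the weakness the post above describes.
# Every file and key below is constructed sample data.
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def guess_key_len(original: bytes, encrypted: bytes, max_len: int = 64) -> int:
    """original XOR encrypted is the raw key stream; its shortest period is the
    key length (the known file must be longer than the key for this to work)."""
    stream = xor_bytes(original, encrypted)
    for n in range(1, max_len + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return n
    raise ValueError("no repeating key of length <= max_len found")

def recover_key(original: bytes, encrypted: bytes) -> bytes:
    """Known-plaintext attack: one surviving original yields the whole key."""
    n = guess_key_len(original, encrypted)
    return xor_bytes(original[:n], encrypted[:n])

# Constructed demo: the malware's key and two victim files.
SECRET_KEY = b"\x13\x37\xc0\xde\x42"
FILE_A = b"Quarterly report: revenue up 4%, costs flat.\n"  # an old copy survives on a USB stick
FILE_B = b"Family photos index: 2016-07 beach trip.\n"      # only the encrypted copy is left
ENC_A = xor_bytes(FILE_A, SECRET_KEY)
ENC_B = xor_bytes(FILE_B, SECRET_KEY)

def decrypt_with_known_file() -> bytes:
    """Recover FILE_B using only FILE_A, ENC_A and ENC_B."""
    key = recover_key(FILE_A, ENC_A)
    return xor_bytes(ENC_B, key)

if __name__ == "__main__":
    print(recover_key(FILE_A, ENC_A).hex(), decrypt_with_known_file())
```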
Again, it’s probably fairly safe. The ransomware criminals want people to tell genuine stories of how it was all OK when they just handed over their few hundred dollars. Their income depends on it.
If a computer has its files encrypted, are those just the ones on the primary hard disk, or are secondary disks, flash drives, and backup drives also encrypted?
If they are connected to the computer when the ransomware executes, the answer is yes.
All physically connected drives, all connected network drives, and often all areas the user can access to which the malware manages to connect. Having the malware running as a Domain Admin or Enterprise Admin can be devastating.
It would probably cost me more than $300 in productivity and time to rebuild all my computer databases, even though everything is backed up.
But, I would rather spend a couple grand getting things back up than pay the asshole who did this to me anything.
If the data was irretrievable, or if it would cost ridiculous amounts to rebuild, then I would have little choice but to pay the ransom, but I wouldn’t be happy about it.
Hopefully, this attack served as a reminder to all companies to review their backup policies, and make sure that they are being properly implemented.
Especially since this particular one is also a worm, meaning it self-replicates (using the NSA hack). If you have any unprotected computers on that network, they directly get infected, not just their shared files.
Though apparently this attack is not too stealthy about it, so maybe you could disconnect before too much damage.
And there is a hole in the WannaCry encryption software. Someone has figured out how to retrieve the encryption key on Windows XP (!) machines in some cases.
Again, writing good encryption software is vastly harder than it looks.
People still use Windows XP???!! :eek:
We had one fellow come in for help, several years ago with Cryptolocker, who was desperate enough to pay. However, at the time, he could not find a way to buy several hundred dollars of bitcoin within the three days. So it was a lost cause. I hear about an infection every month or two, and nobody that I know has actually paid, let alone gotten their files back. (Although I think during cryptolocker, there was a CBC report of some Canadian couple who got their photos back on their home PC by paying)
I’ve seen various businesses from time to time get hit with the various versions of these viruses. Any business with about 10 or 20 computers or more usually has a central file server and a nightly backup. (Which, hopefully, is actually working.) The only real solution is to restore the files from backup. I saw one installation where the encryption of the common file server share did the A’s and B’s and stopped in the C’s (folder names off the root of the share). We presumed that an anti-virus definition for the virus came out while it was busy trying to encrypt the files… Restore!
Typically these viruses find anything that looks like real data and encrypt it - doc(x), xls(x), pdf, jpg, ppt(x), dat, bak, msg, eml, dbf. They don’t encrypt the Windows system or programs - otherwise, your PC wouldn’t run and they’d never get their money. Also, typically they self-destruct after doing their thing, so that they can’t be analyzed to try and figure out the encryption algorithm. I saw one nasty one a few weeks ago that also seemed to have altered Windows policy to disallow logins by administrator-level users.
Regardless, you have no idea what else was dumped on your PC besides the encryption program - simplest, safest solution: wipe the disk and reinstall Windows.
Windows XP and Office 2003 were the last iterations, AFAIK, that didn’t phone home to activate. They will probably live forever as virtual machines.
I know a huge number of businesses that still have XP sitting around doing trivial tasks; what more do you need to remote in to Terminal Server? Plus as the recent news reports also mentioned, a lot of those hand-held hardware devices like the courier companies’ “sign here” scanner devices - all run embedded XP.
Article in the NYT relevant to this discussion: Victims Call Hackers’ Bluff as Ransomware Deadline Nears
There was a classic cartoon that used to be part of an advertisement on the back page of Computerworld in the 1980’s - Everyone is standing around the grave, the priest is saying something over the coffin, and one fellow is say to the widow “I know this is a bad time, but did he ever mention anything about backups?”
Can’t emphasize enough how important it is to make backups. All your photos nowadays are kept on your PC. So is your music, your correspondence, your tax returns, etc. Copy to a backup USB stick or disk. UNPLUG THAT, and store it offsite or somewhere safe (I give mine to my inlaws when we go on trips). Refresh it every few weeks. Ransomware is the least of your worries - there’s also fire, theft, natural disasters, etc. or even simple hard disk failure to worry about.
This. I have an external hard drive velcroed out of sight underneath my desk, and every couple of weeks I plug it in and backup my files (and then disconnect it); if my PC gets stolen or blasted by lightning, this will save my bacon.
I have another external hard drive in a fireproof safe bolted to a shelf in the basement, and every few months I plug it in and backup my files; if the house burns down or gets blown away by a tornado, this will save my bacon. It’s also in a zip-loc bag to prevent any smoke or water damage (the latter not from flooding, but from firefighting efforts).
My brother mentioned a friend of his who interviews prospective employees. One of the questions he asks during these interviews is “what’s your PC/Mac backup strategy?” The ones who don’t answer “uh…none” are given stronger consideration over those that do.
What confuses people is that writing an encryption algorithm that is completely impractical to break is easy to do, it’s something you can do in a first-year programming class. Coming up with a way to encrypt files that would take a thousand years of supercomputer time to reverse is not a hard exercise, and a one-time pad system is theoretically unbreakable if you don’t have the ‘pad’! What’s actually difficult is making a good encryption implementation, that is figuring out how to encrypt and decrypt files when you want to, and how to do it quickly enough to be practical, and how to handle keys so that you don’t actually lose the data but also so the ‘hacker’ can’t easily get a hold of them.
For ransomware, it would be fairly trivial in theory to generate a completely random key, encrypt all of the files, and send the key back ‘home’ to a central database, then release it when the victim pays. But it gets more complicated in practice, because it’s possible for the call home not to work, to lose track of which key goes to which files, for someone to catch the key before the call home finishes, and a host of other failure cases. Plus maintaining a giant database like that is a lot of work. So (like with any security problem) they’ll take shortcuts and do ‘imperfect’ implementations, by doing things like trying to hide the key locally, or using a non-random algorithm to generate keys (so they can figure out what the key was if it’s lost), or something else along those lines. This is how people are able to figure out what the keys are, or automatically generate a key to decrypt files.
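The "non-random algorithm to generate keys" shortcut from the post above, as an added illustration (not code from this thread): a constructed toy derives its key from a PRNG seeded with the infection time, and the defender's decryptor simply enumerates the seconds in the infection window and checks the known file header. The timestamp, the file and the SHA-256 counter-mode stream cipher are all constructed stand-ins:

```python
# Added illustration (not code from the thread): a toy "ransomware" that takes
# the shortcut the post describes, deriving its key from a PRNG seeded with the
# infection time so a lost key can be regenerated. The decryptor exploits that:
# the key space is only the seconds in the infection window.
import hashlib
import random

def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (toy, not for real use)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def crypt(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; encrypt and decrypt are the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def weak_key_from_time(epoch_seconds: int) -> bytes:
    """The shortcut: a 128-bit key that is a pure function of a low-entropy seed."""
    return random.Random(epoch_seconds).getrandbits(128).to_bytes(16, "big")

def recover_weak_key(ciphertext: bytes, known_header: bytes,
                     window_start: int, window_end: int):
    """Enumerate every candidate seed in the window; the right key turns the
    first bytes of the ciphertext back into the expected file header."""
    probe = ciphertext[:len(known_header)]
    for t in range(window_start, window_end):
        key = weak_key_from_time(t)
        if crypt(probe, key) == known_header:
            return key, t
    return None

# Constructed demo: a PDF encrypted at some second during the day it was noticed.
INFECTION_TIME = 1494800000 + 37_921  # hypothetical epoch timestamp
VICTIM_PDF = b"%PDF-1.4\n% constructed sample document body\n"
ENCRYPTED_PDF = crypt(VICTIM_PDF, weak_key_from_time(INFECTION_TIME))

def decrypt_victim_pdf() -> bytes:
    """Search the whole day (86,400 seeds) using the standard PDF magic bytes."""
    day_start = 1494800000
    found = recover_weak_key(ENCRYPTED_PDF, b"%PDF-", day_start, day_start + 86_400)
    if found is None:
        raise RuntimeError("key not in window; widen the search")
    key, _ = found
    return crypt(ENCRYPTED_PDF, key)
```

A properly generated key (fresh bytes from the OS CSPRNG, never reconstructible from a seed) has no such window to search, which is why the shortcut, not the cipher, is what gets broken.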
Huh. I always thought they had the allure of not being as traceable.
“Give me $50,000 in unmarked non-consecutive Bitcoins.”
Oh that’s part of their allure, it’s just not an actual property of Bitcoin. It’s incredibly, completely traceable and the complete history of all transactions is shared as a base part of the protocol. You can make ‘wallets’ which theoretically don’t have any connection to a real person, but at some point in the chain of transactions you’ll have to convert from bitcoins to real money, and that nails down a real identity for the transactions. If you didn’t buy bitcoins or cash them out to real money or use them to buy any real goods or services you could be anonymous, but that’s kind of useless.