Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I would suspect that the keys would be different for each infection.

They are. CryptoLocker[1], which CoinVault is loosely based on, used per infection keys, and the warnings on the Kaspersky site make it clear they don't believe they got all the keys, which would mean there's more than a few keys.

[1] http://en.wikipedia.org/wiki/CryptoLocker

> But then considering this is software made by criminals, I would not expect even the most sensible or trivial of features and security precautions would be implemented.

I'd advise against underestimating your enemy in this global age. These aren't petty thieves akin to digital purse snatchers, working haphazardly, but the work of a few motivated individuals, likely with ties to organized crime.



In my experience, most malware creators are pretty terrible. Even in 2015 it's common for malware to communicate with C&C servers that have classic SQL injection vulnerabilities.

More specifically on the topic of ransomware, have a look at this gem [1], which uses RSA, but the key is 128 ASCII digits. Very similar to the cryptocat disaster. [2]

[1] http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt...

[2] http://tobtu.com/decryptocat.php


There's also cryptodefense, which generated the keys locally. (See https://archive.is/1AGHG, original source doesn't load for me.)


However, the cost-benefit analysis is kind of different. Someone being able to defeat your program just means one lost sale.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: