Ransomware is a BMOC – that is, big malware on campus. Unless, well… it isn’t.
The Scraper malware talks a big talk about encrypting victim data and demanding payment in bitcoin (at least $300 per incident), but its encryption has a serious flaw. In about 70% of cases, victims can recover their files without paying.
Scraper has aspirational goals: it encrypts Windows users’ Office documents, video and audio files, images, archives, databases, backup copies, virtual machines, encryption keys, certificates and other files on all hard and network drives. It also deletes all system recovery points.
Like most modern ransomware, Scraper encrypts the user's files with AES-256 using a randomly generated one-time key, with a separate key created for each file. But therein lies the issue: the cryptography was not correctly implemented.
“Although Scraper encrypts all files with AES-256 + RSA-2048, in [most] cases they can be decrypted because of the errors made during the implementation of cryptography algorithms,” Kaspersky researchers Victor Alyushin and Fedor Sinitsyn said in a blog post.
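The following is an added example, written in Go, of the hybrid scheme the article describes; it is not Scraper's code and not Kaspersky's decryption tool. Each file gets its own random AES-256 key, and that key is wrapped with an RSA-2048 public key so that only the holder of the private key can unwrap it. The page does not say which implementation errors Kaspersky found, so the flawed variant below is hypothetical: a key "generator" with only 16 bits of entropy, chosen to show the class of mistake. Once the per-file key is predictable, the RSA wrapping protects nothing and the file can be opened by enumerating keys. The names EncryptedFile, weakKeySource and RecoverWithoutPrivateKey, and the sample document, are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// EncryptedFile is a hypothetical on-disk layout (not Scraper's): the per-file
// AES key wrapped with RSA, the GCM nonce, and the authenticated body.
type EncryptedFile struct {
	WrappedKey []byte // per-file AES-256 key encrypted with RSA-2048-OAEP
	Nonce      []byte // AES-GCM nonce
	Body       []byte // ciphertext || GCM tag
}

// strongKeySource is the correct choice for per-file keys: the OS CSPRNG.
var strongKeySource io.Reader = rand.Reader

// newAttackerKey generates the RSA-2048 key pair whose public half is embedded
// in the malware and whose private half the attacker keeps.
func newAttackerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// gcmFor builds an AES-256-GCM AEAD for a 32-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// decryptWithKey opens an AES-256-GCM body; a wrong key fails authentication.
func decryptWithKey(key, nonce, body []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, body, nil)
}

// EncryptFile implements the scheme the article describes: a fresh AES-256 key
// per file (read from keySource), wrapped with the attacker's RSA public key.
func EncryptFile(pub *rsa.PublicKey, keySource io.Reader, plaintext []byte) (*EncryptedFile, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(keySource, key); err != nil {
		return nil, err
	}
	nonce := make([]byte, 12)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Body: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// DecryptFile is the intended path: only the RSA private key unwraps the file key.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return decryptWithKey(key, ef.Nonce, ef.Body)
}

// weakKeySource is a HYPOTHETICAL implementation error, not Scraper's actual bug:
// the "random" key is SHA-256 of a 16-bit seed, so only 65536 file keys exist.
type weakKeySource struct{ seed uint16 }

func (w weakKeySource) Read(p []byte) (int, error) {
	var buf [2]byte
	binary.BigEndian.PutUint16(buf[:], w.seed)
	sum := sha256.Sum256(buf[:])
	return copy(p, sum[:]), nil
}

// RecoverWithoutPrivateKey walks the weak key space and lets the GCM tag
// identify the right key. It never touches the wrapped key or the RSA pair.
func RecoverWithoutPrivateKey(ef *EncryptedFile) ([]byte, uint16, error) {
	key := make([]byte, 32)
	for seed := 0; seed <= 0xFFFF; seed++ {
		weakKeySource{seed: uint16(seed)}.Read(key)
		if pt, err := decryptWithKey(key, ef.Nonce, ef.Body); err == nil {
			return pt, uint16(seed), nil
		}
	}
	return nil, 0, errors.New("no key in the weak space opened the file")
}

func main() {
	priv, err := newAttackerKey()
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed sample document, not a real victim file")
	good, _ := EncryptFile(&priv.PublicKey, strongKeySource, doc) // correct: CSPRNG key
	_, _, err = RecoverWithoutPrivateKey(good)
	fmt.Println("properly keyed file opened without private key:", err == nil)
	bad, _ := EncryptFile(&priv.PublicKey, weakKeySource{seed: 0xBEEF}, doc) // flawed
	pt, seed, err := RecoverWithoutPrivateKey(bad)
	fmt.Printf("flawed file opened: %v (seed %#x): %q\n", err == nil, seed, pt)
}
```

The point for a responder is the same one the Kaspersky researchers make: the strength of the advertised primitives (AES-256, RSA-2048) says nothing about the strength of the scheme if the per-file key material is generated or stored incorrectly. A recovery tool does not need to break RSA; it only needs to reproduce whatever the flawed implementation actually did, and the authenticated-encryption tag (or a known file header, for unauthenticated modes) tells it when it has guessed right.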
CryptoLocker, it is not.
Kaspersky Lab has published a free decryption utility that can recover the files of that lucky 70%.
The situation shows that hacking is no longer the province of the technical whiz kids who think in code before actual language. In fact, the ‘profession’ appears to be attracting an altogether more thuggish element.
“This is further evidence, should it be needed, of the dumbing down of cybercrime to the point where there's no requirement for would-be cyber-crooks to know anything about coding before running malware-based scams,” pointed out the Register.