BitCrypt functions by encrypting its victim’s files with a cryptographic algorithm, in a similar scheme to the CryptoLocker bug. But unlike that frightening, nasty, difficult-to-fix problem, BitCrypt uses a weak 426-bit key.
It says that it locks down files with 1024-bit RSA encryption – but that’s not actually the case.
Cedric Pernet and Fabien Perigaud from Cassidian, the security division of the European Aerospace Defence and Space group, were able to break BitCrypt’s encryption using no special code in just 43 hours on a quad-core PC and just 14 hours on a 24-core server.
After a friend’s pictures were held hostage by the bug, the two went to work, starting with the domain bitcrypt.info, which was registered on February 3. That’s the site where victims are sent to read the ransom note demanding that they pay 0.4 Bitcoins into the criminals’ Bitcoin wallet.
The way it works is this: For each interesting file it encounters, a new 16-character random password is generated, and a 192-bit key is derived using PBKDF2 with HMAC-SHA1, with a random salt and 1000 iterations. The resulting key is used to encrypt the file content using AES in CTR mode. All these operations are performed using AESLib.pas. The AES key is then RSA-encrypted using the previously chosen key. This time, the FGIntRSA module is used. The resulting file has the ".bitcrypt" extension appended to its filename.
Once payment is received, the scammers give the victims the encryption key necessary to unlock their files.
After some analysis, the researchers were able to reverse-engineer one of BitCrypt’s configuration files, and came upon the fact that the encryption wasn’t deployed correctly.
“The [decoded] number has 128 digits,” the pair wrote in a blog post, “which could indicate a (big) mistake from the malware author, who wanted to generate a 128 bytes key.”
As always, users should have an anti-virus product that is up-to-date, and should make regular backups of sensitive data on an external hard-drive or somewhere on internet.