French Experts Have Cracked and Opened BitCrypt Ransomware
Infosecurity-magazine.com reported during the last week of February 2014 that two French researchers, Cedric Pernet and Fabien Perigaud, have identified a fresh variant of ransomware nicknamed BitCrypt.
BitCrypt operates by encrypting the victim's files with a cryptographic algorithm, as the CryptoLocker malware does, but unlike CryptoLocker it uses a weak 426-bit key.
The ransomware claims to lock files with 1024-bit RSA encryption, but this is not actually the case.
The duo (Pernet and Perigaud) broke BitCrypt's encryption without any exceptional code in around 43 hours on a quad-core personal computer (PC), and in about 14 hours on a 24-core server, after finding a flaw in the Delphi-compiled malware's key encryption - "a big mistake from the author". They broke the encryption key with the help of a cryptography expert.
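Why the gap between the advertised 1024 bits and the real 426 bits matters, shown as an added example that is not from the article or the researchers. It assumes the key was recovered by factoring the RSA modulus; Pollard's rho, the 92-bit toy key and all function names are stand-ins chosen here so the run finishes in under a second.

```python
import math

def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of an odd composite n (Pollard's rho)."""
    for c in range(1, 32):                 # retry with a new polynomial on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n            # tortoise: one step
            y = (y * y + c) % n            # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")

def recover_private_exponent(n: int, e: int) -> int:
    """Rebuild the RSA private exponent d from the public key alone."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))   # d = e^-1 mod phi(n)

def claim_holds(n: int, claimed_bits: int) -> bool:
    """True if the modulus really has the advertised size."""
    return n.bit_length() >= claimed_bits

# Constructed toy key (assumption, not BitCrypt's): two Mersenne primes,
# giving a 92-bit modulus that factors almost instantly.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537

if __name__ == "__main__":
    secret = int.from_bytes(b"file key", "big")   # constructed 64-bit plaintext
    ciphertext = pow(secret, E, N)
    d = recover_private_exponent(N, E)            # no private key needed
    print("modulus bits:", N.bit_length(), "claim of 1024 holds:", claim_holds(N, 1024))
    print("recovered:", pow(ciphertext, d, N).to_bytes(8, "big"))
```

A real 1024-bit modulus is far beyond this method and beyond the hardware described above, which is why checking the actual modulus size of a sample against its claimed strength is a worthwhile first step in analysis.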
The researchers first saw BitCrypt when it encrypted everything on the computer of their friends. According to the research, the domain 'bitcrypt.info' was registered on 3rd February, 2014.
Victims of BitCrypt are probably directed to this website, where they are asked to set up a Bitcoin wallet and pay 0.4 Bitcoins into the wallet of the person or people responsible for BitCrypt.
When the criminals receive the payment from the infected user's wallet, they send the appropriate encryption key to the user for decryption of the files.
The duo found and analyzed a VirusTotal sample of BitCrypt that had been submitted on 9th February, 2014, and then reverse-engineered the malware.
They found that the malware encrypts more than 50 file types, including .doc and .txt files, PowerPoint, JPEG and other common extensions besides photos.
They said that the origin of the ransomware is yet to be found, with its web pages available only in English and French. The experts also said that there has been no report of massive infections with this ransomware so far.
Users should always run an up-to-date anti-virus product and should regularly keep back-ups of sensitive information on an external hard drive, which can be used if they are hit by an unknown and unwanted computer virus.
» SPAMfighter News - 14-03-2014