Could you manage to find out all the AES keys assuming you managed to intercept some of them? Like, while the program is still running, an antivirus or something would intercept the keys, and when you have a few generated keys in order, you could crack the "random" key generation algorithm. Or are they smart enough to use an entropic system that can't be easily cracked?
it is not the operating system which prevents other processes from accessing memory not owned by them, but actually the processor itself, and it is quite hard to circumvent this protection (the kernel can do it as it can access all memory, but it's more complicated than just that)
Interestingly, regarding the Windows Crypt API and reversing the encryption, a tool has been released that claims to retrieve the pair of primes used by the API for key generation from memory. AFAIK it has only been shown to work on XP and Windows 7 and of course requires the tool be run almost immediately after encryption has taken place so as to minimise the risk of the initial primes being overwritten in memory.
I had my files encrypted with teslacrypt some time ago... had the luck of decrypting it with the help of a LEGEND in github that made a Python script to retrieve the public key from one of the files! then used msieve to reconstruct the private key... i was SOOO happy that after a couple of days of banging my head against the wall.. 160 bits was the length of the private key.. took about 5hs using cuda msieve, with the cpu (fx6300@4.5) got to 20hs and nothing... praise the gpu's!! also i had a close encounter with locky on a client pc, but it didn't erase shadowcopies so it was a piece of cake to restore. Now i've learned my lesson... double backup with 1 hard drive off site (on a drawer :P)
at 4:30+ -- not clear how does wannacry still allow access to the files during the encryption; it must have the private key somewhere, if not on the disk -- then, at least in memory; but what happens if computer gets rebooted while still not completely encrypted?
A disk rack with a cloning feature is the best way IMO to do backups, you just backup regularly on a disk on the drive A, and once in a while you get a drive on the drive B you clone the drive A on it, you disconnect the second drive and you store it in a safe location.
My assumption is just that if the file is small enough, i guess the possible combinations would be small, or if the small encrypted file was a picture of 1 color, however this is totally uneducated thinking.
Nope. Not possible, unless there is a flaw in the encryption algorithm used. AFAIK, no similar flaw has been discovered in AES, and if you found one, you'd be able to make a lot of money out of it. Moreover, even if it were possible, the only thing you could deduce from this is that a plain file you have is the same as an encrypted one. But you won't be able to decrypt any other file since they all use different keys. As stated in this video, if WannaCrypt was done the right way, there's absolutely no way to ever ever be able to retrieve any information about your unencrypted files (apart from a tiny hint on their size). The only hope is that the attacker private key leaks some day, or that people update their computers on a regular basis. But the former has a lot more chance to happen than the latter, unfortunately 😊
7 years late yeah i know, but what you are describing is known as known plaintext attack, and an encryption algorithm is considered broken if it has such vulnerability.
So i have a question. What if my files on my computer are already encrypted by myself with veracrypt, can wannacry still encrypt or access my files ? Thanks.
5:05 - What if the ransomware is only activated once it has connection to the command server. Command server will generate the public private key pair and send only the public key to the ransomware to encrypt files?
What problems would arise from instead of burying a symmetric key inside the ransomware that's the same for everybody, you put in some code that generated a random number and used that?
Just a note. There is already a decryption tool wanakiwi which works on XP, Win7 because those keep private key in memory when wannacry is running. They didn't clean them from memory. So if you haven't shut down the PC you can get to your private key and decrypt your files. blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
AES-ni (SSE 4.1 IIRC) works both ways wrt speedup. You only benefit when someone uses something like pbkdf2 on a mobile device and you try to break it with modern Xeon. It's still probably going to take a hella long time - though pbkdf2 does have to leak the number of rounds (nature of the thing) so you pretty much know ahead of time whether you're pounding your head against a wall or not.
Intel chips in this context means chips with the Intel Instruction Set which AMD would have. Not referring to the brand of chips explicitly. It is short hand instead of listing all brands (AMD/Intel etc.) For those less familiar with architecture the context is confusing and maybe for purpose of video should have been clarified.
So, in essence: 1. Encrypt the entire computer using the fast AES 2. Encrypt the AES key using the public key of the attacker 3. Send the encrypted key file to your attacker so that he can decrypt it and send it back to you. Is there no way to figure out the private key if you have the decrypted file and the encrypted one?
Extremely lay question. Is numerical, brute force decryption of just the symmetric part of this process (the AES part, that uses the referenced generic key Kf) completely infeasible in reasonable timeframes with standard computing power?
If as stated in 14:55 it's quite hard to access memory of other processes in Windows and Linux, how does it happen in memory editors (such as CheatEngine for example)? Do processes have to specify some sort of security policy to enforce that protection? Do memory editors exploit some vulnerability to access other processes' memory?
I have a couple questions about this. First: Suggest a person has multiple drives (partitions or external drives), do they get affected? Second: Suppose someone already has their data encrypted, can they be double encrypted or are they untouchable?
Curtis Smale Usually specific files (documents, images, videos) are targeted in the user's home folder and then other files on any connected drives and possibly the network if write access.
If we have a very large amount of files, how can the ransomware encrypt so fast all of them? can we save some files from being encrypted if we turn off the computer at the moment?
Just a naive thought: Is it not possible to have some kind of UAC-like control on a system's file encryption that could give users an intervention method? Or does it already exist and things like WanaCrypt already bypass it?
wouldn't it be possible, if one has multiple not encrypted copies of encrypted files, to identify the part of the encrypted files which hold the key. Once the individual keys have been identified, one could build the not encrypted keys by comparing the files, and lastly reverse engineer the key to encrypt the file specific key. If there are enough files present?
What if a user tried to search the hard disk free space in order to get past copies of their unencrypted files? Does WannaCrypt wipe or overwrite all that data?
at 16:20 he said that there were tools "to undo everything" for CryptoLocker. My mom got hit by cryptolocker a few years ago and I still have the locked files and I have been unable to find these tools he talked about. Can someone please link me these tools. Thank you.
Mike Pound: "Anyone disassembling this code, and researchers do this within minutes, will immediately find this string" Me on my 3rd hour of a beginner CTF reversing challenge: ...
If the maker of the ransomware bury ks in the software, and it's already the end product, how can people find out whats inside of it without having the source code in hand?
So what benefits brings the asynchronous encryption on client side? I can just generate an AES key, encrypt all files and then store the AES key encrypted with the server's public key. When someone pays me, they send me their encrypted AES key and I can decrypt it with my server's private key and give them their individual AES key.
My employer still keeps this stuff he calls "paper" in a cupboard at work. He can only get it to work with a piece of hardware called a "pen" though, so it seems a bit obsolete.
would this be illegal or not .... making a ransomware, running it like a virus spread over the internet, but it can be decrypted by the user admin password... releasing source code on github ...???
Can you please explain why we need to generate a client side key pair at all? If we encrypt the AES key (Kf) using the server's public key, all should work exactly the same. The command centre will just need to decrypt Kf rather than Cpriv.
-1.) There is a Kf for every file, so the CnC has to decrypt thousands of Kf per Victim instead of only 1 Cpriv. -2.) The CnC can't distinguish which Victim has which Kfs. So only one guy has to pay and just send the Kfs of all Victims.
Thank you for this. I was assuming there is one Kf per machine rather than per file. If each file has a separate AES key, then this would make perfect sense.
Because then you would have to either send all your AES keys to the server and have it decrypt them for you, or the server would have to give you its private key, which means everyone else could use it to decrypt their stuff too.
To address the point of the private key being held in memory, would the newly discovered Spectre & Meltdown exploits, assuming the host system is unpatched, allow you to exfiltrate the private key from memory that way? Obviously, this is also assuming you can somehow get to it before it's encrypted. It seems like it happens so fast, that it's a moot point. I'm just coming to this video now that it's been discovered that it can be possible to access memory for other processes due to these exploits
If Microsoft had made it so that all programs or processes needed initial permission to access its encryption libraries, would this have helped to stop the problem? Or forced the software to contain the encryption libraries within themselves - making them accessible to us at some point? Microsoft like prompting for permissions, why not in this case?
Curious since my understanding of encryption is poor. If you had a few known files before encryption would you be able to reverse engineer the encryption key since you would then have a few examples of before and after?
Well this exploit was patched back in March so for this specific one yes you are fine. Creators Update is a feature update rather than security (although it bundles in past security patches in case someone missed them). You still get the normal security updates if you have been patching. Keep in mind that exploits are found all the time so no one is ever safe but in this instance you are 100% safe from this exact malware.
Two questions which I would direct to Dr. Pound (if I could): 1.) If we were to have recorded the exact state of memory of the computer which was infected with wannacry (over the duration of the installation of wannacry and the encryption of the files), would we be able to "replay" and analyse the execution and thereby fish out the keys generated and decrypt the files? 2.) I see wannacry adds an extension to the filename of the encrypted files. What happens when it reaches the windows maximum filename size (of I think 256 characters)? If you ever get to read this Dr. Pound, I would appreciate your insight. P.S: Your name is pretty boss.
I wonder if it is possible, to have a tool, that prevents software from encrypting files, without authorization. Maybe it could use your Windows login password to authorize only specific activities, such as "deleting volume/shadow backups" and "encryption". If it is impossible to distinguish simply modifying a file and encrypting a file, then maybe it could just protect specific folders from having the files be modified without a password or authorization (such as clicking a pattern).
Actually someone managed to create a decryption tool that gets the key from memory. So it was not such a bad research direction. Now, the number of people that would know not to shut the PC down and search for a decryption tool is probably very very small. I guess that if such an attack happens in a business environment even if the IT guy knows what to do the person that gets the PC infected will shut it down and then call the IT department. So it does not really help, but it is technically possible.
When you are encrypting a file, you are actually encrypting a copy and then deleting the original right? Can you just look for deleted files. Do they overwrite the original file? Do they do a hard erase on the file?
The new encrypted files would tend to overwrite the deleted versions anyway. You could probably detect that the files were there, but the majority of it would be at least partially corrupted
It is possible to use some program to break the encryption if you had the original files and tampered files for comparison. Although difficult, it is still possible depending on the implementation (some viruses only encrypt part of the files to speed up the encryption process). If every single file had a unique key, this method is completely thrown out of the window.
World gets hit by a ransomware: Milks it for 2 vids in a row. I'm only joking. This was informative and entertaining. Next, teach us all how to write a ransomware ;)
At 13:40 How can AES encryption be so quick? Around 700MBit/s ? I mean ok, if the CPU supports it on the hardware thats cool but don't the files have to be rewritten? Doesn't the hard-drive / SSD speed limit the encryption process? And most SSDs should be limited by SATA3 600MBit/s transfer speeds. Even still it's not like one big sequential file transfer... can someone explain that to me? :)
I think it would be bottlenecked yeah (not the case of course with SSDs nowadays), but I think he said 700 megabits, not megabytes, thus much lower than 600 megabytes per second threshold of SATA and HDDs
Why wasn't Australia that impacted of the virus, from my understanding, we have bad/slow internet compared to other parts of the world , so I wouldn't have thought that we wouldn't have had as many updates that solved this exploit. Do we go about security better, or was there some other reason?
Does the server necessarily have to hold a "Hard Copy" of the code? Can't it just have an algorithm that solves the "S priv8" key upon some identity from the user (like hwid, assigned btc address etc) and thus decrypting files. On the other hand, the encryption process doesn't have to be done with like 770MB/SEC, can't it just have a modification OS sided that when a file is activated, it will shut it and thus further encrypt it?(my wording is a bit off, I have bad English skill) and also if the ransomware is run upon launching of windows, can't we just close the internet and see what packet were sent from the computer and thus record the domain? (Correct me if I am wrong, I have bad English skill)
Maybe this has been addressed somewhere else, but my biggest question about ransomware like this is: Why can't the OS (Windows) or an anti-virus program just stop modifications of, more than let's say 10, files at a time or something? I mean surely, to encrypt a file has to modify the file in some way? Why can't that behavior be detected and stopped in general? It's not very likely for a user to suddenly modify pretty much all files on their drive, so surely it should be possible to detect? Even modifying one file or saving to a "protected" location, like Program Files, or installing software brings up an admin-approval-prompt in normal usage, why not in this case where a program obviously modifies much more and also touches the registry? I don't get why it's so hard to stop.
I'm kind of confused. Does WannaCrypt only encrypt important files, or does it encrypt all files? If so, how does it find out which ones are important? If he already answered that sorry
Was Dr. Pound using a mini-disc player in like 2017?! And was anyone surprised who's seen more than two of the videos he's previously been featured in that he leaves an unsolved cube on his shelf to annoy people?
correct me if I'm wrong(which I am) but if you had 2 copies of the exact same file, one encrypted and the other not encrypted, wouldn't you be able to compare them and find how the file was encrypted and hence the key?
Wait why is there the double round of asymmetric encryption? Why not encrypt the AES key directly with the server's public key? Why would they need to generate a client public/private key?
The malware author can just ask the victim to send them the encrypted private key to be decrypted instead of decrypting every single AES key for each file. It also helps the author track who pays the ransom, so one guy doesn't send everyone's AES key to the author for decryption.
Ohh ok gotcha, thank you. What if a single AES key was used for all files, instead of a bunch of AES keys? That would solve those issues, right? Only one key to send for decryption, and it'd still be randomly generated and unique for each user.
AES gets weaker the more data is encrypted with a single key. If you have multiple GB of data encrypted with a single AES key, chances are it will get broken.
Another reason not to use a single AES key is that the key needs to be kept in plaintext until every targeted file has been encrypted. If the user or other detection software (e.g. antivirus) were able to find out midway, they can try to extract it from memory. Even worse if the system shuts down midway, either by the user or by itself. The malware has to choose either to give up encrypting the rest of the files or to store the plaintext key temporarily on disk, which makes it very easy to extract. Using an RSA public key can ensure the plaintext version of every encryption key can be scrapped from memory soon after it was generated, and encryption can resume as normal after a reboot.
I was working under the assumption that it'd take too long to encrypt every single file, and that a quick way to solve that was to encrypt the partition table.
The videos we want to see with the guy who explains it best. Kudos
I'm not sure if you're sending him cuddles or kudos.
longliveriley21 Why not both? 🦀
It's a toddler cuddle.
WanaCrypt has proved one of the more interesting pieces of malware in a while. Thanks for these, Computerphile!
Just. The Michelangelo of the 10's
lesselp true. ransomware is constantly being spread by hackers. wannacrypt is becoming notorious because of its attack vector. also like it was said in the video a lot of ransomware requires you to be online. wannacrypt does not.
It's interesting you still came here to watch a second video of it then.
imagine if someone made ransomware that doesn't ask for money but forces you to play cookie clicker or flappy bird to get points to decrypt files as you play.
Now that really is criminal ;)
um, then I just use CookieMonster to play cookie clicker for me.
it could look bad on the charity's behalf if the creators of the program are holding people's data wanting donations to that charity.
Check out "Rensenware", it's a ransomware forcing you to get a high score in a game.
flappy bird is going to be twice the stress
If this dude was my professor, I might have actually attended class.
His lectures are really interactive which is nice
Computer science? He seems like he'd be fun to bs with during office hours. Actually, that's probably something I'll miss the most after school.
Ben Chand agreed! best lecturer at UoN, shame I've only had one module with him
You mean to say that there is a student at nottingham uni with the internet handle "dank memes"? I don't know how to feel about that.
FriedEggSandwich it's only so I can shitpost in peace. already stumbled across another student on reddit
There is also an important reason for why each file has its own AES key. If you extract the AES key being used at the moment (which is not that hard TBH), you will get the key for only one file. All files that were already encrypted will have their AES key encrypted already.
thx so much for this answer, I was wondering why the heck a separate AES key if you cannot get any of them without the private client key. But it all makes sense now.. Sandbox the process while it is still encrypting and boom you're out.
How did the wannacry hackers get away?
They ran somewhere
Love these videos with Dr. Pound. He can explain stuff in an engaging way and looks like a generally cool guy to hang out with.
I could listen to this guy talking about encryption all day, please make more videos :)
it took me like um idk about an hour more or less to understand how that encryption chain works.. very tough to understand it for the first time, but this dude explained it in a very good way. Thanks!
I certainly agree that a series of Dr. Pound speaking on the .onions would be very enjoyable!
So if it's using Windows' services to generate keys, might a protection against future attacks be for Windows to keep a log of all the keys it has generated?
If they did that, you couldn't rely on the security of those algorithms, since inevitably an exploit would be found to extract the keys from the log. These libraries are used for other encryption tasks where you certainly don't want records of the keys hanging around to be stolen by hackers, etc.
In addition, if this was the case, the authors would then simply implement their own version of the encryption algorithm that didn't log the keys (if you're lucky, maybe they'd screw it up and make it insecure in the process).
Lol if that happened every sensible windows user would immediately switch to any other OS, and that might even be illegal
The title should have been "How NOT to develop a BAD ransomware!"
Why though? The only objective of ransomware is to extract money from its victims. Last I heard, it was pretty successful, having made already several tens of thousands of dollars.
Why would the criminal(s) care whether the victims can get their files back? It's like a bank robber paying for the glass window they broke when they drove their truck into the building.
They would care because if people weren't getting their files back after paying the ransom, it would quickly spread that paying is not an option anyway. Ideally, you would provide as much customer service as you can to ensure people are getting their files back.
The advice to ransomware has always been to not pay, but take preventative measures such as creating backups, upholding general vigilance and not letting anyone touch anything they don't understand (which is damn near impossible nowadays).
Besides, like the guy in the video said, there are always going to be people who stop thinking with their brain and start acting on emotion when faced with this kind of situation. Statistically speaking, some degree of success is therefore guaranteed.
"customer service" I have to admit I chuckled.
Some ransomware groups have actually provided excellent customer service, going so far as to decrypt the files of people in poorer countries for free.
Lttlemoi backups are only usable if they are not on the network and are not connected to the system. Ransomware can spread over the network and encrypt usb connected devices. The backup has to be offline at the least. Most people still backup to connected drives and then leave them connected.
Snapshots on a file server basically eliminate the risk from a server standpoint, which is super nice. I wish Windows had a file system that allowed for better snapshotting.
A few years ago, a hacker broke into my PC with ransomware. The moment when I saw a black screen with skull and cross bones, I immediately pulled out the plug while the ransomware was running. Hours later, I switched on my PC and chose a restore point of time. My PC was ok after that.
Can't some malware contain code that deletes restore points?
@@sethadkins546 Yes, but this particular one must not have
that's why i do full system and data backups once every two days
if ransomware blocks me out of a computer (winlocker kind of thing) or encrypts my data (wannacry kind of thing) i can at most lose two days of work
and this backup drive is not connected at all times so ransomware cannot affect it, it's turned off and is kept on a shelf
the only problem is the data stealers but i have two pieces of antivirus software working against that :)
I love the explanations! The 20 min videos are great, and someone that writes it out with pen, makes it easier to memorize :)
You should do a video on Peer-to-Peer
Woah
They have already in a basic way.
Why not just encrypt the aes keys with the server public keys? Why add an extra layer of rsa on the aes keys?
Smurf En Drek because the video would have been too short
No, i'm asking why didn't wncry use this?
Here's the best answer I can come up with. If it continues to use a separate AES key for each file, then it would need to upload a huge number of encrypted keys to the CnC server, and send lots of those back decrypted after the ransom was paid. I would assume the ransomware wants to minimize the amount of data sent over the wire to avoid any issues from network activity.
If the same AES key was used for all files, then the key would have to persist in memory a lot longer, meaning a slightly higher chance of the key being extracted from memory. Also, not sure if this would be a weakness with AES, but some cryptosystems are susceptible to cryptanalysis, given a large amount of ciphertext encrypted with the same key.
Of course both these alternatives still assume a unique AES key for each infected computer. Obviously using the same AES key for all infected computers would mean only 1 ransom would ever have to be paid.
because then, if wncry wants to decrypt someone's files, everyone can decrypt their files using the same key.
That extra layer is to make sure each computer's files get encrypted using a different key, so if one computer pays and gets its "extra layer" key decrypted, that key would still not work for the other infected computers (that's given that there is one "extra layer" key per computer; it could be one key per file)
The only thing that comes to my mind is:
If I understood correctly, for every file it generates a new AES key Kf. So, if someone pays the ransom and the people behind it decide to give him his files back, they would have to decrypt every single Kf with the server private key.
I have 2 questions on the implementation of WannaCry. The first being what is the benefit of creating an AES key per file why not just one AES key per client. The second what is the benefit of creating the client RSA keys? If the AES key just gets encrypted with the public CnC key that comes with the executable wouldn't that achieve the same result?
I had been thinking exactly the same, so I checked the comments, but unfortunately I haven't found the answer
So if you are reading this comment, please answer me
After thinking a little bit, I think this way the AES key isn't stored for a long time while the virus is running
Anyway i don't have any idea why I'm replying to a comment from the last year lol
Very well explained indeed. Worth noting that ideally your filesystem is set up so either you CANNOT change existing files or they are versioned (Files-11, ZFS). Some useful protection can be effected with common file systems by locking files and directories with an administrative account such that your everyday account simply cannot damage them. And of course backup, backup, backup
Could you manage to find out all the AES keys assuming you managed to intercept some of them? Like, while the program is still running, an antivirus or something would intercept the keys, and when you have a few generated keys in order, you could crack the "random" key generation algorithm. Or are they smart enough to use an entropic system that can't be easily cracked?
It is not the operating system which prevents other processes from accessing memory not owned by them, but actually the processor itself, and it is quite hard to circumvent this protection (the kernel can do it as it can access all memory, but it is more complicated than just that)
Interestingly, regarding the Windows Crypt API and reversing the encryption, a tool has been released that claims to retrieve the pair of primes used by the API for key generation from memory. AFAIK it has only been shown to work on XP and Windows 7 and of course requires the tool be run almost immediately after encryption has taken place so as to minimise the risk of the initial primes being overwritten in memory.
Great explanation. So has the master key been found?
I had my files encrypted with teslacrypt some time ago... had the luck to decrypt them with the help of a LEGEND on github that made a Python script to retrieve the public key from one of the files!
then used msieve to reconstruct the private key... i was SOOO happy after a couple of days of banging my head against the wall.. 160 bits was the length of the private key.. took about 5hs using cuda msieve, with the cpu (fx6300@4.5) got to 20hs and nothing... praise the gpu's!!
also i had a close encounter with locky on a client pc, but it didn't erase shadow copies so it was a piece of cake to restore.
Now i've learned my lesson... double backup with 1 hard drive off site (in a drawer :P)
i've nerded out with Dr Pound for hours of content now. keep it comin!
This guy is really good in explaining things, I‘m impressed!
at 4:30+ -- not clear how does wannacry still allow access to the files during the encryption; it must have the private key somewhere, if not on the disk -- then, at least in memory; but what happens if computer gets rebooted while still not completely encrypted?
I think it actually can be reversed if the computer hasn't been restarted. The prime numbers used to generate the keys are still stored in memory.
Matt Brown yep you're right
why not just encrypt the AES key with the server public key? why the extra stage?
A disk rack with a cloning feature is the best way IMO to do backups: you just back up regularly on a disk in drive A, and once in a while you put a drive in drive B, you clone drive A onto it, you disconnect the second drive and you store it in a safe location.
Which folders or files does WannaCrypt encrypt? Surely not "all", or windows would just stop working.
Dr Pound is just about the only guest on computerphile that provides both interesting and accurate information. Keep these kinds of videos coming!
I wonder if it would be helpful/possible to decrypt let's say a 10KB file if you have an exact unencrypted version of that file.
chrisjon to work your way around the encryption? hmmm ...
I don't know of any way that that would help with AES. Nice idea though. There might be something in there.
My assumption is just that if the file is small enough, i guess the possible combinations would be small, or if the small encrypted file was a picture of 1 color, however this is totally uneducated thinking.
Nope. Not possible, unless there is a flaw in the encryption algorithm used. AFAIK, no similar flaw has been discovered in AES, and if you found one, you'd be able to make a lot of money out of it.
Moreover, even if it were possible, the only thing you could deduce from this is that a plain file you have is the same as an encrypted one. But you won't be able to decrypt any other file since they all use different keys.
As stated in this video, if WannaCrypt was done the right way, there's absolutely no way to ever ever be able to retrieve any information about your unencrypted files (apart from a tiny hint on their size). The only hope is that the attacker's private key leaks some day, or that people update their computers on a regular basis. But the former has a lot more chance to happen than the latter, unfortunately 😊
7 years late yeah i know, but what you are describing is known as known plaintext attack, and an encryption algorithm is considered broken if it has such vulnerability.
So i have a question. What if my files on my computer are already encrypted by myself with veracrypt, can wannacry still encrypt or access my files ? Thanks.
5:05 - What if the ransomware is only activated once it has a connection to the command server? The command server will generate the public/private key pair and send only the public key to the ransomware to encrypt files?
Not a bad solution, but the one presented IS better. Just because you don't need internet at all
Please make a whole Video about different Backup systems and how to best do it.
No mention of air-gapped backups at the end?
Was wondering if it affects the previous versions of files that you can sometimes find via file properties "previous versions".
From what he said, the ransomware makes a copy of the file it encrypts and deletes the original. So my guess is no.
What problems would arise from instead of burying a symmetric key inside the ransomware that's the same for everybody, you put in some code that generated a random number and used that?
Just a note. There is already a decryption tool, wanakiwi, which works on XP and Win7 because those keep the private key in memory when wannacry is running. They didn't clean them from memory. So if you haven't shut down the PC you can get to your private key and decrypt your files. blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
Is it possible to find a Ks if you have a copy of the encrypted file which is not encrypted...? Something like comparison....
Will you make another video on the breakthrough of decrypting wanacryptor files?
13:48 what about a decent AMD machine tho?
There aren't any
AMD has AES instruction implemented as well. Performance should be similar.
AES-ni (SSE 4.1 IIRC) works both ways wrt speedup. You only benefit when someone uses something like pbkdf2 on a mobile device and you try to break it with modern Xeon. It's still probably going to take a hella long time - though pbkdf2 does have to leak the number of rounds (nature of the thing) so you pretty much know ahead of time whether you're pounding your head against a wall or not.
Intel chips in this context means chips with the Intel Instruction Set which AMD would have. Not referring to the brand of chips explicitly. It is short hand instead of listing all brands (AMD/Intel etc.)
For those less familiar with architecture the context is confusing and maybe for purpose of video should have been clarified.
Intel uses the x86-64 instruction set made by AMD. Intel had nothing to do with its development.
Does WanaCrypt encrypt each file with a different AES key or generate a single AES key then encrypt all files with it?
So, in essence:
1. Encrypt the entire computer using the fast AES
2. Encrypt the AES key using the public key of the attacker
3. Send the encrypted key file to your attacker so that he can decrypt it and send it back to you.
Is there no way to figure out the private key if you have the decrypted file and the encrypted one?
Extremely lay question. Is numerical, brute force decryption of just the symmetric part of this process (the AES part, that uses the referenced generic key Kf) completely infeasible in reasonable timeframes with standard computing power?
If as stated in 14:55 it's quite hard to access memory of other processes in Windows and Linux, how does it happen in memory editors (such as CheatEngine for example)?
Do processes have to specify some sort of security policy to enforce that protection?
Do memory editors exploit some vulnerability to access other processes' memory?
Don't hear any sound on this clip. Why?
Where can I find the "best way to do backup" video which is teased in the end?
I have a couple questions about this. First: Suggest a person has multiple drives (partitions or external drives), do they get affected? Second: Suppose someone already has their data encrypted, can they be double encrypted or are they untouchable?
Curtis Smale Usually specific files (documents, images, videos) are targeted in the user's home folder and then other files on any connected drives and possibly the network if write access.
If we have a very large amount of files, how can the ransomware encrypt so fast all of them? can we save some files from being encrypted if we turn off the computer at the moment?
Just a naive thought:
Is it not possible to have some kind of UAC-like control on a system's file encryption that could give users an intervention method? Or does it already exist and things like WanaCrypt already bypass it?
wouldn't it be possible, if one has multiple not encrypted copies of encrypted files, to identify the part of the encrypted files which hold the key. Once the individual keys have been identified, one could build the not encrypted keys by comparing the files, and lastly reverse engineer the key to encrypt the file specific key. If there are enough files present?
What if a user tried to search the hard disk free space in order to get past copies of their unencrypted files? Does WannaCrypt wipe or overwrite all that data?
at 16:20 he said that there were tools "to undo everything" for CryptoLocker. My mom got hit by cryptolocker a few years ago and I still have the locked files and I have been unable to find these tools he talked about. Can someone please link me these tools. Thank you.
Mike Pound: "Anyone disassembling this code, and researchers do this within minutes, will immediately find this string"
Me on my 3rd hour of a beginner CTF reversing challenge: ...
If the maker of the ransomware buries Ks in the software, and it's already the end product, how can people find out what's inside of it without having the source code in hand?
So what benefits brings the asynchronous encryption on client side?
I can just generate an AES key, encrypt all files and then store the AES key encrypted with the server's public key.
When someone pays me, they send me their encrypted AES key and I can decrypt it with my server's private key and give them their individual AES key.
The most important question. Whats up with that paper? Who uses it anymore? Or even have some?
My employer still keeps this stuff he calls "paper" in a cupboard at work. He can only get it to work with a piece of hardware called a "pen" though, so it seems a bit obsolete.
Paper and pen is what you use when you need to understand abstract concepts. A follower like you won't understand.
When I'm working on a particularly hard problem I always find it easier to write them down on paper, helps to order my mind.
You mean fanfold/listing paper, rather than say a4 sheets of paper ?
Thank you. I was talking about the kind of paper.
would this be illegal or not .... making a ransomware, running it like a virus spread over the internet, but it can be decrypted by the user admin password... releasing source code on github ...???
Can you please explain why we need to generate a client side key pair at all?
If we encrypt the AES key (Kf) using the server's public key, all should work exactly the same.
The command centre will just need to decrypt Kf rather than Cpriv.
-1.) There is a Kf for every file, so the CnC has to decrypt thousands of Kf per Victim instead of only 1 Cpriv.
-2.) The CnC can't distinguish which Victim has which Kfs. So only one guy has to pay and just send the Kfs of all Victims.
Thank you for this. I was assuming there is one Kf per machine rather than per file. If each file has a separate AES key, then this would make perfect sense.
Why use two RSA Encryptions? Why not encrypt the AES-Key with the Servers Public Key?
Because then you would have to either send all your AES keys to the server and have it decrypt them for you, or the server would have to give you its private key, which means everyone else could use it to decrypt their stuff too.
To address the point of the private key being held in memory, would the newly discovered Spectre & Meltdown exploits, assuming the host system is unpatched, allow you to exfiltrate the private key from memory that way? Obviously, this is also assuming you can somehow get to it before it's encrypted. It seems like it happens so fast, that it's a moot point
I'm just coming to this video now that it's been discovered that it can be possible to access memory for other processes due to these exploits
If Microsoft had made it so that all programs or processes needed initial permission to access its encryption libraries, would this have helped to stop the problem? Or forced the software to contain the encryption libraries within themselves - making them accessible to us at some point? Microsoft like prompting for permissions, why not in this case?
Curious since my understanding of encryption is poor. If you had a few known files before encryption would you be able to reverse engineer the encryption key since you would then have a few examples of before and after?
Thanks!
I installed all the updates EXCEPT for the Creators Update. Do I need the Creators Update for my Windows 10? Am I safe without it?
Well, this exploit was patched back in March, so for this specific one, yes, you are fine. Creators Update is a feature update rather than security (although it bundles in past security patches in case someone missed them). You still get the normal security updates if you have been patching.
Keep in mind that exploits are found all the time so no one is ever safe but in this instance you are 100% safe from this exact malware.
Bellyriaa thank you! I can stop being paranoid about my safety. Lol. I have malwarebytes just in case too.
Is it possible to extract the private key from the server with the encrypted and unencrypted client private key?
Keep doing videos with this guy please!
Two questions which I would direct to Dr. Pound (if I could):
1.) If we were to have recorded the exact state of memory of the computer which was infected with wannacry (over the duration of the installation of wannacry and the encryption of the files), would we be able to "replay" and analyse the execution and thereby fish out the keys generated and decrypt the files?
2.) I see wannacry adds an extension to the filename of the encrypted files. What happens when it reaches the windows maximum filename size (of I think 256 characters)?
If you ever get to read this Dr. Pound, I would appreciate your insight.
P.S: Your name is pretty boss.
I wonder if it is possible, to have a tool, that prevents software from encrypting files, without authorization. Maybe it could use your Windows login password to authorize only specific activities, such as "deleting volume/shadow backups" and "encryption". If it is impossible to distinguish simply modifying a file and encrypting a file, then maybe it could just protect specific folders from having the files be modified without a password or authorization (such as clicking a pattern).
I love Dr. Pound. Okay, I really like his videos. I guess there's a difference.
More awesome content like this from the doctor please.
Actually someone managed to create a decryption tool that gets the key from memory. So it was not such a bad research direction. Now, the number of people that would know not to shut the PC down and search for a decryption tool is probably very very small. I guess that if such an attack happens in a business environment, even if the IT guy knows what to do, the person that gets the PC infected will shut it down and then call the IT department. So it does not really help, but it is technically possible.
I'm still a bit confused as to how it doesn't need to connect to the internet. Is that it just encrypts your files first, then tries to connect later?
When you are encrypting a file, you are actually encrypting a copy and then deleting the original right? Can you just look for deleted files. Do they overwrite the original file? Do they do a hard erase on the file?
The new encrypted files would tend to overwrite the deleted versions anyway. You could probably detect that the files were there, but the majority of it would be at least partially corrupted
Can you talk about the tool that DOES decrypt this ransomware as long as you havent restarted? It was just released.
so why does the program generate a different AES key for each file if getting hold of the client's private key can decrypt all files in the system?
It is possible to use some program to break the encryption if you had the original files and tampered files for comparison. Although difficult, it is still possible depending on the implementation (some viruses only encrypt part of the files to speed up the encryption process). If every single file had a unique key, this method is completely thrown out of the window.
While I don't agree with Ransomware, Wannacrypt is/was a work of art. If only this knowledge could be used for good.
What happens when it goes to encrypt a file, and that file is being used? does it just skip that, and keep going
World gets hit by a ransomware:
Milks it for 2 vids in a row.
I'm only joking. This was informative and entertaining. Next, teach us all how to write a ransomware ;)
KingOfDuckz reported for crimes
He just did it, you didn't pay attention.
Yeah what furrane said... All you need to do now is "git clone openssl", "make" and then "git gud scrub"
he just did precisely that unless you need further instruction on programming itself:D
FireSnake yeah but only like .001% of ppl can do that
What I'm wondering is, why does ransomware have write access to the files, or if it doesn't by default, how does it obtain it?
This is the best Host ever in this show! :D
couldn't you, in theory, create some sort of files that would have specific data that, when encrypted, would help find the encrypting key?
At 13:40
How can AES encryption be so quick? Around 700MBit/s ? I mean ok, if the CPU supports it on the hardware thats cool but don't the files have to be rewritten? Doesn't the hard-drive / SSD speed limit the encryption process? And most SSDs should be limited by SATA3 600MBit/s transfer speeds. Even still it's not like one big sequential file transfer... can someone explain that to me? :)
I think it would be bottlenecked yeah (not the case of course with SSDs nowadays), but I think he said 700 megabits, not megabytes, thus much lower than 600 megabytes per second threshold of SATA and HDDs
Why wasn't Australia that impacted of the virus, from my understanding, we have bad/slow internet compared to other parts of the world , so I wouldn't have thought that we wouldn't have had as many updates that solved this exploit. Do we go about security better, or was there some other reason?
I concur, a video on how Tor works would be really welcome!
Does the server necessarily have to hold a "Hard Copy" of the code? Can't it just have an algorithm that solves the "S priv8" key upon some identity from the user (like hwid, assigned btc address etc) and thus decrypt files? On the other hand, the encryption process doesn't have to be done at like 770MB/SEC; can't it just have an OS-side modification so that when a file is activated, it will shut it and thus further encrypt it? (my wording is a bit off, I have bad English skill) And also, if the ransomware is run upon launching of Windows, can't we just close the internet and see what packets were sent from the computer and thus record the domain? (Correct me if I am wrong, I have bad English skill)
Is that a MF3RS?
when is hidden services video coming?
Maybe this has been addressed somewhere else, but my biggest question about ransomware like this is: Why can't the OS (Windows) or an anti-virus program just stop modifications of, more than let's say 10, files at a time or something? I mean surely, to encrypt a file has to modify the file in someway? Why can't that behavior be detected and stopped in general? It's not very likely for a user to suddenly modify pretty much all files on their drive, so surely it should be possible to detect? Even modifying one file or saving to a "protected" location, like Program Files, or installing software brings up an admin-approval-prompt in normal usage, why not in this case where a program obviously modifies much more and also touches the registry? I don't get why it's so hard to stop.
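The heuristic proposed in the comment above (stop a process that modifies more than about 10 files at once), written out as an added example; it is not part of the original thread or of any real anti-malware product. The 10-second window, the 7.5 bits/byte entropy cut-off, the process IDs, the paths and all event data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0   # assumed sliding window
MAX_FILES = 10          # "more than 10 files at a time", from the comment
ENTROPY_BITS = 7.5      # assumed cut-off; ciphertext sits close to 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class MassRewriteDetector:
    """Flags a process that writes high-entropy data to many distinct files."""

    def __init__(self, window=WINDOW_SECONDS, max_files=MAX_FILES,
                 entropy_bits=ENTROPY_BITS):
        self.window = window
        self.max_files = max_files
        self.entropy_bits = entropy_bits
        self.recent = defaultdict(deque)   # pid -> deque of (timestamp, path)

    def observe(self, ts, pid, path, written):
        """Feed one write event; return True if pid crosses the threshold."""
        if shannon_entropy(written) < self.entropy_bits:
            return False                   # ordinary document saves are ignored
        q = self.recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:
            q.popleft()                    # drop events older than the window
        return len({p for _, p in q}) > self.max_files


def fake_ciphertext(seed, size=4096):
    """Constructed stand-in for encrypted output: SHA-256 in counter mode."""
    out = b""
    i = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:size]


def sample_events():
    """Constructed events: (timestamp, pid, path, bytes written)."""
    text = b"quarterly report draft, revision 3\n" * 100
    events = []
    # pid 100: an editor saving 15 plain-text files (many files, low entropy)
    for i in range(15):
        events.append((i * 0.5, 100, f"C:/docs/note{i}.txt", text))
    # pid 200: a backup job appending compressed data to ONE archive
    for i in range(20):
        events.append((10 + i * 0.2, 200, "D:/backup/archive.zip",
                       fake_ciphertext(f"zip{i}")))
    # pid 300: high-entropy rewrites of 12 different user files in 6 seconds
    for i in range(12):
        events.append((20 + i * 0.5, 300, f"C:/docs/photo{i}.jpg",
                       fake_ciphertext(f"enc{i}")))
    return events


def run_sample():
    """Return {pid: (timestamp, path)} for the first alert raised per process."""
    detector = MassRewriteDetector()
    alerts = {}
    for ts, pid, path, written in sample_events():
        if detector.observe(ts, pid, path, written) and pid not in alerts:
            alerts[pid] = (ts, path)
    return alerts


if __name__ == "__main__":
    print(run_sample())
```

Compressed formats (zip, jpg, video) are also close to 8 bits/byte, so a bulk unpack or photo import would trip the same rule; that false-positive rate is one reason a bare file-count limit is hard to ship as a default.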
I'm kind of confused. Does WannaCrypt only encrypt important files, or does it encrypt all files? If so, how does it find out which ones are important? If he already answered that sorry
Was Dr. Pound using a mini-disc player in like 2017?! And was anyone surprised who's seen more than two of the videos he's previously been featured in that he leaves an unsolved cube on his shelf to annoy people?
correct me if I'm wrong(which I am) but if you had 2 copies of the exact same file, one encrypted and the other not encrypted, wouldn't you be able to compare them and find how the file was encrypted and hence the key?
You could but it would take a rather long time
No.
So can, like, earth's best supercomputer go and crunch that factorization problem and get that server private key? Or is that gonna take a million years?
Wait why is there the double round of asymmetric encryption? Why not encrypt the AES key directly with the server's public key? Why would they need to generate a client public/private key?
The malware author can just ask the victim to send them the encrypted private key to be decrypted instead of decrypting every single AES key for each file. It also helps the author track who pays the ransom, so one guy doesn't send everyone's AES keys to the author for decryption.
Ohh ok gotcha, thank you. What if a single AES key was used for all files, instead of a bunch of AES keys? That would solve those issues, right? Only one key to send for decryption, and it'd still be randomly generated and unique for each user.
AES gets weaker the more data is encrypted with a single key. If you have multiple GB of data encrypted with a single AES key, chances are it will get broken.
Ah ok I see. Thank you guys very much, that makes sense.
Another reason not to use a single AES key is that the key needs to be kept in plaintext until every targeted file has been encrypted. If the user or other detection software (e.g. antivirus) were able to find out midway, they can try to extract it from memory. Even worse if the system shuts down midway, either by the user or by itself. The malware has to choose either to give up encrypting the rest of the files or to store the plaintext key temporarily on disk, which makes it very easy to extract. Using an RSA public key can ensure the plaintext version of every encryption key can be scrapped from memory soon after it was generated, and encryption can resume as normal after a reboot.
Ohhhh - is that a scrambled Ghost Cube I spy up on the shelf? Nice!
If you had a copy of a file before it was encrypted could you use it to reverse engineer the encryption?
Gamerboy099 No. You'd need to know the encryption key and that would not aid in any way whatsoever.
I thought ransomware only encrypted the MBR or the partition table? Or have they evolved from that?
Why would you think that? There is no "thou shalt only encrypt the MBR" rule.
I was working under the assumption that it'd take too long to encrypt every single file, and that a quick way to solve that was to encrypt the partition table.
How does WanaCrypt know not to run on an already infected machine?
Or is this a possibility?
can WannaCrypt attack files on a connected flashdrive or portable HDD?
Yes, any files that it can access from your computer are at risk. Even the files on a local network, say you have a home server, are at risk