How WanaCrypt Encrypts Your Files - Computerphile

imagine if someone made ransomware that doesnt ask for money but forces you to play cookie clicker or flappy bird to get points to decrypt files as you play.

If this dude was my professor, I might have actually attended class.

The videos we want to see with the guy who explains it best. Kudos

I am a Unix admin in a large company, and our Windows guys are so busy patching the several thousand Windows servers, they have enlisted us to help, needless to say I want to cry.

WanaCrypt has proved one of the more interesting pieces of malware in awhile. Thanks for these, Computerphile!

There is also important reason for why each file has its own AES key. If you extract the AES key being used at the moment (which is not that hard TBH), you will get key for only one file. All files that were already encrypted will have their AES key encrypted already.

How did the wannacry hackers get away?
They ran somewhere

it took me like um idk about hour more or less to understand how thet encryption chain works..very tough to understand it for the first time, but this dude explained it in a very good way. Thanks !

Love these videos with Dr. Pound. He can explain stuff in an engaging way and looks like a generally cool guy to hang out with.

I could listen to this guy talking about encryption all day, please make more videos :)

I love the explainations! The 20 min videos are great, and someone that writes it out with pen, makes it easier to memorize :)

Very well explained indeed. Worth noting that ideally your filesystem is setup so either you CANNOT change existing files or they are versioned (Files-11, ZFS). Some useful protection can be effected with common file systems by locking files and directories with an administrative account such that your everyday account simply cannot damage them. And of course backup, backup, backup

This guy is really good in explaining things, I‘m impressed!

Dr Pound is just about the only guest on computerphile that provides both interesting and accurate information. Keep these kinds of videos coming!

The title should have been "How NOT to develop a BAD ransomware!"

I certainly agree that a series of Dr. Pound speaking on the .onions would be very enjoyable!

Keep doing videos with this guy please!

i've nerded out with Dr Pound for hours of content now. keep it comin!

More awesome content like this from the doctor please.

I had my files encrypted with teslacrypt some time ago... had the luck of decrypt it with the help of a LEGEND in github that made a phyton script to retrieve the public key from one of the files!
then used msieve to reconstruct the private key... i was SOOO happy that after a couple of days of of banging my head against the wall.. 160 bits was the length of the private key.. took about 5hs using cuda msieve, with the cpu (fx6300@4.5) got to 20hs and nothing... praise the gpu's!!
also i had a close encounter with locky on a client pc, but it didnt erased shadowcopies so it was a piece of cake to restore.
Now i've learn my lesson... double backup with 1 hard drive off site (on a drawer :P)

This guy is awesome. Please make more videos!

this was so cool! you're a great Lecturer!

Snapshots on a file server basically eliminate the risk from a server standpoint, which is super nice. I wish Windows had a file system that allowed for better snapshotting.

Excellent video as usual.

I concur, a video on how Tor works would be really welcome!

A few years ago, a hacker broke into my PC with ransomware. The moment when I saw a black screen with skull and cross bones, I immediately pulled out the plug while the ransomware was running. Hours later, I switched on my PC and chose a restore point of time. My PC was ok after that.

Great explanation. So has the master key been found?

Interestingly, regarding the Windows Crypt API and reversing the encryption, a tool has been released that claims to retrieve the pair of primes used by the API for key generation from memory. AFAIK it has only been shown to work on XP and Windows 7 and of course requires the tool be run almost immediately after encryption has taken place so as to minimise the risk of the initial primes being overwritten in memory.

This is the best Host ever in this show! :D

THANK YOU!
I was wondering how this worked!!!!

More videos with this dude! I love every video that he is in. I learn so much.

A disk rack with a cloning feature is the best way IMO to do backups, you just backup regulary on a disk on the drive A, and once in a while you get a drive on the drive B you clone the drive A on it, you disconnect the second drive and you store it in a safe location.

I love Dr. Pound. Okay, I really like his videos. I guess there's a difference.

Awesome video! Well made

You should do a video on Peer-to-Peer

Very informative. Thank you for the video! You hear it a lot, but you really are a great channel.

Please make a whole Video about different Backup systems and how to best do it.

Two questions which I would direct to Dr. Pound (if I could):
1.) If we were to have recorded the exact state of memory of the computer which was infected with wannacry (over the duration of the installation of wannacry and the encryption of the files), would we be able to "replay" and analyse the execution and thereby fish out the keys generated and decrypt the files?
2.) I see wannacry adds an extension to the filename of the encrypted files. What happens when it reaches the windows maximum filename size (of I think 256 characters)?
If you ever get to read this Dr. Pound, I would appreciate your insight.
P.S: Your name is pretty boss.

it is not operating system which prevents other processes to access memory not owned by them, but actually processor itself and it is quite hard to circumvent this protection (kernel can do it as it can access all memory, but it now complicated then just that)

I love this guy's videos! They're incredible

If as stated in 14:55 it's quite hard to access memory of other processes in Windows and Linux, how does it happen in memory editors (such as CheatEngine for example)?
Do processes have to specify some sort of security policy to enforce that protection?
Do memory editors exploit some vulnerability to access other processes' memory?

Could you manage to find out all the AES keys assuming you managed to intercept some of them? Like, while the program is still running, an antivirus or something would intercept the keys, and when you have a few generated keys in order, you could crack the "random" key generation algorithm. Or are they smart enough to use an entropic system that can't be easily cracked?

Extremely lay question. Is numerical, brute force decryption of just the symmetric part of this process (the AES part, that uses the referenced generic key Kf) completely infeasible in reasonable timeframes with standard computing power?

Just a note. There is already a decryption tool wannawiki which works on XP, Win7 because those keep private key in memory when wannacry is running. They didn't clean them from memory. So if you haven't shutdown PC you can get to your private key and decrypt your files. blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d

love this guy

Will you make another video on the breakthrough of decrypting wanacryptor files?

Does the server necessary have to hold a "Hard Copy" of the code? Can't it just have an algorithm that solves the "S priv8" key upon some identity from the user (like hwid, assigned btc address etc) and thus decrypting files. On the other hand, the encryption process don't have to be done with like 770MB/SEC, can't it just have a modification OS sided that when a file is activated, it will shut it and thus further encrypt it?(my wording is a bit off, I have bad English skill) and also if the ransomware is runned upon launching of windows, can't we just close the internet and see what packet were sent from the computer and thus record the domain? (Correct me if I am wrong, I have bad English skill)

Ohhhh - is that a scrambled Ghost Cube I spy up on the shelf? Nice!

wouldn't it be possible, if one has multiple not encrypted copies of encrypted files, to identify the part of the encrypted files which hold the key. Once the individual keys have been identified, one could build the not encrypted keys by comparing the files, and lastly reverse engineer the key to encrypt the file specific key. If there are enough files present?

Where can I find the "best way to do backup" video which is teased in the end?

Just a naive thought:
Is it not possible to have some kind of UAC-like control on a system's file encryption that could give users an intervention method? Or does it already exist and things like WanaCrypt already bypass it?

Is it possible to find a Ks if you have a copy of the encrypted file which is not encrypted...? Something like comparsion....

Great video! Can you also make a video about how anti-virus software detect malware in the same way that you guys explain things? Thanks

I have 2 questions on the implementation of WannaCry. The first being what is the benefit of creating an AES key per file why not just one AES key per client. The second what is the benefit of creating the client RSA keys? If the AES key just gets encrypted with the public CnC key that comes with the executable wouldn't that achieve the same result?

So what benefits brings the asynchronous encryption on client side?
I can just generate an AES key, encrypt all files and then store the AES key encrypted with the servers public key.
When someone pays me, they send me there encrypted AES key and I can decrypt it with may servers private key and give them their individual AES key.

I wonder if it is possible, to have a tool, that prevents software from encrypting files, without authorization. Maybe it could use your Windows login password to authorize only specific activities, such as "deleting volume/shadow backups" and "encryption". If it is impossible to distinguish simply modifying a file and encrypting a file, then maybe it could just protect specific folders from having the files be modified without a password or authorization (such as clicking a pattern).

I think it actually can be reversed if the computer hasn't been restarted. The prime numbers used to generate the keys are still stored in memory.

I love how there are only books in the shelf where the camera sees it :D
(Yes I know it is where he can grab the books)

would it be possible to write software that prevents your computer from encrypting any files that are stored to your hard disk without your explicit and informed permission?

Was wondering if it affects the previous versions of files that you can sometimes find via file properties "previous versions".

No mention of air-gapped backups at the end?

at 4:30+ -- not clear how does wannacry still allow access to the files during the encryption; it must have the private key somewhere, if not on the disk -- then, at least in memory; but what happens if computer gets rebooted while still not completely encrypted?

Love how he looks at the camera guy for a second then goes... *riiiight. xD

So i have a question. What if my files on my computer are already encrypted by myself with veracrypt, can wannacry still encrypt or access my files ? Thanks.

amazing video!! please keep uploading cool educational stuff like this

Was Dr. Pound using a mini-disc player in like 2017?! And was anyone surprised who's seen more than two of the videos he's previously been featured in that he leaves an unsolved cube on his shelf to annoy people?

Is it possible to extract the private key from the server with the encrypted and unencrypted client private key?

Triple redundant backup. That's what I use. One local copy, one on the server, and one on the cloud. In my case, Dropbox, but I hear that WannaCrypt will happily encrypt your Dropbox or any other cloud storage that is accessible from the filesystem tree, although, those cloud storage businesses would be able to restore to the last update you did. However, the most recent copy of the files would be toast.

To address the point of the private key being held in memory, would the newly discovered Spectre & Meltdown exploits, assuming the host system is unpatched, allow you to exfiltrate the private key from memory that way? Obviously, this is also assuming you can somehow get to it before it's encrypted. It seems like it happens so fast, that it's a moot point
I'm just coming to this video now that it's been discovered that it can be possible to access memory for other processes due to these exploits

What problems would arise from instead of burying a symmetric key inside the ransomware that's the same for everybody, you put in some code that generated a random number and used that?

So, in essence:
1. Encrypt the entire computer using the fast AES
2. Encrypt the AES key using the public key of the attacker
3. Send the encrypted key file to your attacker so that he can decrypt it and send it back to you.
Is there no way to figure out the private key if you have the decrypted file and the encrypted one?

I really like this guy

Are there libraries that perfrom this on the client? I can imagine this also being verry usefull for lisence services or for encrypted backups.

Curious since my understanding of encryption is poor. If you had a few known files before encryption would you be able to reverse engineer the encryption key since you would then have a few examples of before and after?

If Microsoft had made it so that all programs or processes needed initial permission to access its encryption libraries, would this have helped to stop the problem? Or forced the software to contain the encryption libraries within themselves - making them accessible to us at some point? Microsoft like prompting for permissions, why not in this case?

Does WanaCrypt encrypt each file with a different AES key or generate a single AES key then encrypt all files with it?

So if it's using Windows' services to generate keys, might a protection against future attacks be for Windows to keep a log of all the keys it has generated?

Can you please explain why we need to generate a client side key pair at all?
If we encrypt the AES key (Kf) using the server's public key, all should work exactly the same.
The command centre will just need to decrypt Kf rather than Cpriv.

If we have a very large amount of files, how can the ransomware encrypt so fast all of them? can we save some files from being encrypted if we turn off the computer at the moment?

I wonder if it would be helpfull/possible to decrypt lets say a 10KB file if you have an exact unencrypted version of that file.

Amusingly, for WannaCry, there's now a tool which picks the private key out of memory and allows you to decrypt your files.

What software/tools are used to edit the videos?
The animations with the keys are really cool and I'd like to know more about how that works!

Yes, talk more on the topics of tor, dark web, hidden servers please

So can like earth's best supercomputer can go and crunch that factorization problem and get that server private key? Or that gonna take million years?

Because of a flaw in Windows XP encryption system, it is possible to retrieve the encryption key from memory if the computer is not rebooted.

At 13:40
How can AES encryption be so quick? Around 700MBit/s ? I mean ok, if the CPU supports it on the hardware thats cool but don't the files have to be rewritten? Doesn't the hard-drive / SSD speed limit the encryption process? And most SSDs should be limited by SATA3 600MBit/s transfer speeds. Even still it's not like one big sequential file transfer... can someone explain that to me? :)

why not just encrypt the AES key with the server public key? why the extra stage?

World gets hit by a ransomware:
Milks it for 2 vids in a row.
I'm only joking. This was informative and entertaining. Next, teach us all how to write a ransomware ;)

What if a user tried to search the hard disk free space in order to get past copies of their unencrypted files? Does WannaCrypt wipes or overwrites all that data?

And this is why my secure/really important files are on a completely offline computer, and can only transfer files VIA CD-Rs. Pain in the foot but security is worth it.

Actually someone managed to create a decryption tool that gets the key from memory. So it was not such a bad research direction. Now, the number of people that would know not to shut the PC down and search for a decryption tool is probably very very small. I guess that if such an attack happens in a business environment even if the IT guy know what to do the person that gets the PC infected will shut it down and then call the IT department. So it does not really help, but it is technically possible.

5:05 - What if the ransomware is only activated once it has connection to the command server. Command server will generate the public private key par and send only the public key to the ransomeware to encrypt files?

Which folders or files does WannaCrypt encrypt? Surely not "all", or windows would just stop working.

Mike Pound: "Anyone disassembling this code, and researchers do this within minutes, will immediately find this string"
Me on my 3rd hour of a beginner CTF reversing challenge: ...

Why not just encrypt the aes keys with the server public keys? Why add an extra layer of rsa on the aes keys?

Please make a video about services like tor

This feeling, when there is a panic all around the world about WannaCrypt0r and your laptop does not support SMB.

I have a couple questions about this. First: Suggest a person has multiple drives (partitions or external drives), do they get affected? Second: Suppose someone already has their data encrypted, can they be double encrypted or are they untouchable?

If the maker of the ransomware bury ks in the software, and it's already the end product, how can people find out whats inside of it without having the source code in hand?

correct me if I'm wrong(which I am) but if you had 2 copies of the exact same file, one encrypted and the other not encrypted, wouldn't you be able to compare them and find how the file was encrypted and hence the key?