A new piece of ransomware that emerged earlier this month is encrypting its victims’ files with an easily breakable cryptographic algorithm. BitCrypt, as it is known, purports to lock down files with 1024-bit RSA encryption but actually deploys a much weaker 426-bit key.
According to researchers Cedric Pernet and Fabien Perigaud, the makers of BitCrypt may have deployed this much weaker key by accident. It is so easy to break, the researchers say, that they can recover BitCrypt’s key on a standard computer in a matter of hours. Pernet and Perigaud are a pair of researchers working for Cassidian, the security division of the European Aerospace Defence and Space group.
The researchers first came across BitCrypt after it showed up and encrypted everything on a computer belonging to one of their friends. Research revealed that the domain ‘bitcrypt[dot]info’ was registered on February 3. Presumably, the victims of BitCrypt are directed toward this website, where they are told they must set up a Bitcoin purse and pay 0.4 Bitcoins into the Bitcoin wallet of the person or people responsible for BitCrypt. Once they have done that, there is a set of fields on the website where victims can enter their Bitcoin wallet ID number and their email address. Once the criminals see that they have received a payment from the infected user’s wallet, they can then send off the appropriate key, so that the user can decrypt their files.
Pernet and Perigaud managed to find and analyze a VirusTotal sample of BitCrypt that had been submitted on February 9. BitCrypt claimed to use RSA 1024-bit cryptography.
The researchers then did a bit of reverse engineering and at first glance everything seemed legitimate. While it sought out files to encrypt, the malware ran a watching thread that monitored user activity and blocked any attempt to run taskmgr.exe or regedit.exe. The malware was encrypting any files with the following extensions:
.dbf, .mdb, .mde, .xls, .xlw, .docx, .doc, .cer, .key, .rtf, .xlsm, .xlsx, .txt, .xlc, .docm, .xlk, .text, .ppt, .djvu, .pdf, .lzo, .djv, .cdx, .cdt, .cdr, .bpg, .xfm, .dfm, .pas, .dpk, .dpr, .frm, .vbp, .php, .js, .wri, .css, .asm, .jpg, .jpeg, .dbx, .dbt, .odc, .sql, .abw, .pab, .vsd, .xsf, .xsn, .pps, .lzh, .pgp, .arj, .gz, .pst, and .xl
However, upon decoding one of BitCrypt’s configuration files, it became very apparent that BitCrypt’s writers had failed to deploy the encryption correctly.
“The [decoded] number has 128 digits,” the pair wrote in a blog post, “which could indicate a (big) mistake from the malware author, who wanted to generate a 128 bytes key.”
As it turned out, BitCrypt was deploying RSA-426 encryption rather than RSA-1024. The researchers managed to break that cryptography in 43 hours on a quad-core PC and in just 14 hours on a 24-core server.
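The digits-versus-bytes mix-up described above can be checked arithmetically. The following is an added example, not code from the researchers’ analysis or from the malware: it shows that an integer with 128 decimal digits can have at most 426 bits, whereas a 128-byte modulus has 1024 bits, and it includes a simple size check of the kind a defender would apply to any RSA modulus pulled from a sample. The constructed “decoded” modulus is a placeholder, not BitCrypt’s real key.

```python
"""Why a '128-digit' RSA modulus is only about 426 bits, not 1024."""


def bit_length_range_for_decimal_digits(ndigits: int) -> tuple[int, int]:
    """Smallest and largest bit length an ndigits-digit decimal integer can have."""
    smallest = 10 ** (ndigits - 1)   # 1 followed by ndigits-1 zeros
    largest = 10 ** ndigits - 1      # ndigits nines
    return smallest.bit_length(), largest.bit_length()


def bit_length_for_bytes(nbytes: int) -> int:
    """A key of nbytes raw bytes has 8 * nbytes bits (the intended 128 bytes -> 1024)."""
    return 8 * nbytes


def decimal_digit_range_for_bits(nbits: int) -> tuple[int, int]:
    """How many decimal digits a proper nbits-bit modulus occupies."""
    smallest = 1 << (nbits - 1)
    largest = (1 << nbits) - 1
    return len(str(smallest)), len(str(largest))


def parse_decoded_modulus(text: str) -> int:
    """Parse a decoded configuration value that is a decimal integer string."""
    digits = text.strip()
    if not digits.isdigit():
        raise ValueError("modulus is not a decimal integer string")
    return int(digits)


def classify_modulus(n: int, claimed_bits: int = 1024) -> str:
    """Compare the real size of a modulus with what the malware claims."""
    bits = n.bit_length()
    if bits < claimed_bits:
        return f"weak: {bits}-bit modulus, claimed {claimed_bits}-bit"
    return f"ok: {bits}-bit modulus matches the {claimed_bits}-bit claim"


# Constructed placeholder: a 128-digit decimal string standing in for the
# value the researchers decoded (this is NOT the real BitCrypt modulus).
CONSTRUCTED_128_DIGIT_MODULUS = "9" * 128

if __name__ == "__main__":
    n = parse_decoded_modulus(CONSTRUCTED_128_DIGIT_MODULUS)
    print(bit_length_range_for_decimal_digits(128))  # (422, 426)
    print(bit_length_for_bytes(128))                  # 1024
    print(decimal_digit_range_for_bits(1024))         # (308, 309)
    print(classify_modulus(n))
```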
In general, ransomware is a type of malware that encrypts files likely to matter to its victims. These scams then ask their victims to make a payment in exchange for the key that would decrypt those files. There is never any guarantee that paying the ransom will decrypt anything.
In September 2013, a particularly potent piece of ransomware called CryptoLocker emerged. While ransomware is nothing new, CryptoLocker garnered enough attention to become one of those special pieces of malware that gets press attention outside the security industry. CryptoLocker’s efficacy spurred a surge in new ransomware samples.
For months, weak cryptography has been a hot topic in the security world because of revelations suggesting that the U.S. National Security Agency had found ways of subverting popular cryptographic algorithms deployed by the big Internet firms, in order to spy on those companies’ users en masse without a warrant. This report from Pernet and Perigaud flips that narrative a bit, demonstrating that not even cybercriminals are immune from making mistakes with cryptography.
If you’d like to read up on exactly where BitCrypt’s authors slipped up, you can find Pernet and Perigaud’s technical analysis here.