Menu
First Linux ransomware program cracked, for now

First Linux ransomware program cracked, for now

The creators of the Linux.Encoder.1 ransomware program made errors when implementing encryption algorithms

Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: There's now a free tool that can decrypt their files.

The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption.

The program makes files unreadable by using the Advanced Encryption Standard (AES), which uses the same key for both the encryption and decryption operations. The AES key is then encrypted too by using RSA, an asymmetric encryption algorithm.

The RSA algorithm uses a public and private key pair instead of a single key. The public key is used to encrypt data and the private key is used to decrypt it. In the case of Linux.Encoder.1, the RSA public-private key pair is generated on the attackers' servers and only the public key is sent to infected systems and used to encrypt the AES key.

If implemented correctly this process would make it impossible for anyone to decrypt the files without the RSA private key retained by the attackers. However, the Bitdefender researchers discovered that when it generates the AES keys, the malicious program uses a weak source of random data -- the time and date at the moment of encryption.

This time stamp is easy to determine by looking at when the AES key files were created on disk. Therefore, researchers are able to reverse the process and recover the AES keys without needing to decrypt them, making the RSA public and private keys pointless.

The tool created and released by Bitdefender is a script written in Python that determines the initialization vectors and AES encryption keys by analyzing the files encrypted by the ransomware program. It then decrypts the files and fixes their permissions on the system.

"If you can boot your compromised operating system, download the script and run it under the root user," the Bitdefender researchers said in a blog post that also contains detailed instructions on how to use the tool.

This is not the first time ransomware authors have made errors in their implementation of encryption algorithms, allowing researchers to recover affected files. However, based on past incidents, once these errors become known, they get fixed in new versions of the malware programs.

It's safe to assume that we'll soon see a new Linux.Encoder variant that doesn't make the same mistake, or entirely new ransomware programs that target Linux systems. Mac OS X is not immune to this type of threat either, as a security researcher recently demonstrated with a proof of concept.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments