'Ransomware' Becoming a Serious Problem
Occurrences of ransomware are on the rise, and the encryption algorithms used are becoming increasingly complex, security firm Kaspersky Labs warned Friday in its quarterly report on the state of the malware industry. The firm said incidences of ransomware reached a peak in the second quarter of 2006, after first appearing in the beginning of 2004.
Initially, those responsible used simple encryption to hold files at ransom. In more recent incarnations RSA encryption has appeared and hackers are using more complex ways of password-protecting and hiding corrupted files. Kaspersky says attackers and anti-malware companies are now locked in a cat-and-mouse battle, where researchers crack the code, and attackers respond back with more complex methods.
The most recent variant of the Gpcode ransom virus featured a 660-bit key, which researchers said could take as much as 30 years to break using a 2.2 GHz computer. However, based on past research Kaspersky was able to break the code and add protection to its anti-virus files.
"I won't go into details here; suffice it to say this particular decryption will go down as a milestone in computer virology," Senior Virus Analyst Alexander Gostev wrote. While the Russian site that was launching these attacks has since shut down, Gostev warned that new variants could appear at any time.
While Kaspersky was able to crack these codes, researchers say the encryption methods are reaching the limits of modern cryptography. Future incarnations could be unbreakable, forcing those infected to pay the ransoms necessary in order to unlock their files. Gostev urged antivirus companies to act proactively to protect their users.
Those who created Cryzip and Krotten, the most common ransomware techniques, still have not been apprehended. However, even if they are caught, their work could live on through other attackers who will build on the work they have created.
"RansomWare will undoubtedly remain a major headache for the antivirus industry, at least in the near future," Gostev said.