The recently spotted Linux Encoder crypto-ransomware is very disruptive, but the good news is that the malware makers have made a mistake that allowed Bitdefender researchers to recover the AES encryption key without having to decrypt it with the RSA private key held by the criminals.
Linux Encoder, like most crypto-ransomware, encrypts files with the AES algorithm, a symmetric cipher that uses the same key for both encryption and decryption; that key is generated on the target’s computer.
This key is sent to the attacker’s server and is then encrypted with the RSA algorithm, which works with a key pair: a public key (for encryption) and a private key (for decryption). Only the public key is sent to the victim’s PC.
“Since RSA is less resource-effective on big chunks of data, the public key is only used to encrypt a small, yet critical, piece of information: the encryption key used by the AES algorithm that is generated locally,” the researchers explained. “The RSA-encrypted AES key is then prepended to the beginning of every encrypted file, along with the original file permissions and an initialization vector (IV) used by the AES algorithm.”
“We looked into the way the key and initialization vector are generated by reverse-engineering the Linux.Encoder.1 sample in our lab,” they added. “We realized that, rather than generating secure random keys and IVs, the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file’s timestamp. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan’s operator(s).”
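The weakness the researchers describe, reduced to a runnable sketch that is neither Bitdefender's script nor the malware's code: if the key and IV are pulled from rand() seeded with a timestamp, anyone who knows the file's mtime can regenerate them by walking a few seconds of seeds. The byte-per-rand() layout and the readable IV in the file header are assumptions; a CSPRNG-based routine is included for contrast with what correct code does.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define KEY_LEN 16
#define IV_LEN  16

/* The flawed scheme: seed libc rand() with a timestamp and pull the AES key
 * and IV out of it. (Assumed byte-per-rand() layout; the real sample's exact
 * derivation is not given on the page.) */
void weak_key_iv(uint32_t seed, uint8_t key[KEY_LEN], uint8_t iv[IV_LEN]) {
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)rand();
    for (int i = 0; i < IV_LEN; i++)  iv[i]  = (uint8_t)rand();
}

/* Why the flaw is fatal: the only secret is the seed, and the file's mtime
 * pins it to a few seconds. Walk the window, regenerate, and compare with
 * the IV stored in the file header (assumed to be readable there). */
int recover_seed(const uint8_t iv[IV_LEN], time_t mtime, int window, uint32_t *seed_out) {
    uint8_t key[KEY_LEN], cand[IV_LEN];
    for (time_t t = mtime - window; t <= mtime + window; t++) {
        weak_key_iv((uint32_t)t, key, cand);
        if (memcmp(cand, iv, IV_LEN) == 0) { *seed_out = (uint32_t)t; return 1; }
    }
    return 0;
}

/* What correct code does instead: draw key and IV from the OS CSPRNG, so
 * there is no seed to guess. Returns 1 on success. */
int secure_key_iv(uint8_t key[KEY_LEN], uint8_t iv[IV_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    int ok = fread(key, 1, KEY_LEN, f) == KEY_LEN && fread(iv, 1, IV_LEN, f) == IV_LEN;
    fclose(f);
    return ok;
}

/* Round trip: derive at a constructed timestamp, then recover the key from a
 * file whose mtime is a few seconds later. Returns 1 if the key is recovered. */
int demo_recovery(void) {
    uint8_t key[KEY_LEN], iv[IV_LEN], key2[KEY_LEN], iv2[IV_LEN];
    uint32_t seed = 1446768000u, found = 0;          /* constructed timestamp */
    weak_key_iv(seed, key, iv);
    if (!recover_seed(iv, (time_t)seed + 3, 10, &found) || found != seed) return 0;
    weak_key_iv(found, key2, iv2);
    return memcmp(key, key2, KEY_LEN) == 0;
}
```

The search space here is a handful of seeds; with getrandom()/urandom output there is no seed at all, which is the whole difference.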
This knowledge allowed them to create an effective decryption script, and since this piece of ransomware targets more tech-savvy users, they should have no problem deploying it (check out this blog post for the download link and instructions on how to use it).
“If your machine has been compromised, consider this a close shave,” the researchers pointed out. “Mistakes such as the one described above are extremely fortunate, but also extremely rare.”
They advised users never to run applications they don’t completely trust, and to back up often – and to keep the backup away from the system. In this particular case, that was the initial way to avoid paying the ransom, as the Trojan also encrypted any backups it found on the server.