The Looming Power of Ransomware – Black Hat USA

Out of this year’s Black Hat USA conference we learned that not all ransomware is created equal. In fact, some types of ransomware are readily detectable and might not have the same power they claim.

What is ransomware?

To understand the differences between ransomware, it is important for us to have a proper, finite definition of what it is. Luckily, the 30-second video below provides us with just that.

We can see in the video that ransomware is essentially when your computer is locked or your files are encrypted, and a ransom is demanded for their return. Specifically, ransomware is broken down into two categories, Locker ransomware and Crypto ransomware, as reported on in an article by Choice. In this great article, ransomware is explored in-depth, looking at its ramifications within Australia. The excerpts below are their definitions of both Locker and Crypto ransomware.

Black Hat Findings

Coming out of last month’s Black Hat USA conference was research from Engin Kirda, cofounder and chief architect at Lastline Labs. Reported on by NetworkWorld, Kirda claims that not all ransomware is the same and shouldn’t be as universally feared as it tends to be. The video below is an interview with Kirda posted by InformationWeek’s DarkReading. In the interview you will hear about Kirda’s findings on ransomware firsthand.

From Kirda’s interview and research we learn a few important things about many types of ransomware.

Data can be recovered

Perhaps the most relieving of Kirda’s discoveries is about some types of ransomware that claim to delete users’ files. According to Kirda, files aren’t always completely wiped, leaving a good chance that they can be recovered for the user.

Over-claiming encryption

As seen in NetworkWorld’s article, Kirda takes the time to note that there are types of ransomware that do a good job of encrypting files. However, there are many other types of ransomware that don’t live up to their encryption claims. Specifically noted in the article is TeslaCrypt, a type of ransomware that claimed to use RSA 2048 encryption, but actually used AES encryption, a much weaker encryption that has been broken.

Kirda is careful not to lead his audience to disregard ransomware as there are still serious forms. Similarly, we want to be sure users are warned not to take this information as a sign that all ransomware is easily removed. We recommend again taking a look at the bottom of the above linked article by Choice to find some great tools on how to protect yourself from ransomware. Combining Kirda’s knowledge with your newly acquired tools from Choice, you can begin to be less fearful of the looming power of ransomware.

About Ryan Jeethan

Ryan is a recent graduate of the University of Waterloo’s Arts & Business program focusing on UW’s unique Speech Communication program.
