Bruce Schneier writes about a possible serious problem from an article posted at cnn.com:
WASHINGTON (AP) — Computer users already anxious about viruses and identity theft have new reason to worry: Hackers have found a way to lock up the electronic documents on your computer and then demand $200 over the Internet to get them back.
Security researchers at San Diego-based Websense Inc. uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.
A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.
“This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination,” said Oliver Friedrichs, a security manager for Symantec Corp.
According to Bruce a good way to do it would be as follows (you don’t need to be a rocket scientist to come up with this one):
1. Break into a computer.
2. Generate a random 256-bit file-encryption key.
3. Encrypt the file-encryption key with a common RSA public key.
4. Encrypt data files with the file-encryption key.
5. Wipe data files and file-encryption key.
6. Wipe all free space on the drive.
7. Output a file containing the RSA-encrypted, file encryption key.
8. Demand ransom.
9. Receive ransom.
10. Receive encrypted file-encryption key.
11. Decrypt it and send it back.
Just a matter of time before someone turns this into a movie script…..
No Comments so far ↓
There are no comments yet...Kick things off by filling out the form below.