New encryption ransomware holds entire websites hostage

Encryption can keep your communication private and your files safe from prying eyes, but it can also be turned against you. In recent years, online criminals have been using a class of malware called ransomware to extract money from victims by encrypting their files and holding them ransom. As if that wasn’t bad enough, security researchers have now identified a new strain of ransomware that targets Linux-based web servers, holding an entire website hostage until the owner pays up.

The ransomware is currently being called “Linux.Encoder.1,” and security firm Doctor Web has reportedly seen it bite only a handful of websites so far. Victims are currently in “at least tens,” but each time it locks down a website, it demands one Bitcoin in payment. With the recent uptick in value, that’s about $500.

Many of the infected systems were accessed through a vulnerability in the Magento CMS. A patch was issued to close this security hole on October 31st, but not all users will get the new version installed right away. The funds from the first wave of attacks could also be used to purchase a previously undisclosed exploit, which could widen the scope of attacks.

Like other ransomware schemes, once Linux.Encoder.1 gains access to a web server, it walks all the mounted volumes and encrypts a variety of file types with an RSA-2048 key that the user cannot reproduce. The malware seeks out Apache, MySQL, and Nginx installations on the server before going to work, ensuring it locks important files that someone will want back. It goes after files such as Windows executables, program libraries, JavaScript documents, and more.


In each directory it encrypts, Linux.Encoder.1 helpfully leaves a text file called README_FOR_DECRYPT.txt (see above). This is the ransom note. It explains that the contents of the server are encrypted and that, in order to recover the files, you’ll need to pay one Bitcoin to the attackers at a specific Bitcoin address. It also provides a link to a deep web site, reached through a Tor2web redirect.

If the victim pays up, the attackers say they’ll provide the decryption key to access all the locked files. That, of course, assumes you believe they will follow through. This process is less sophisticated than some previous ransomware attacks, but the files in question might be of greater commercial value. That makes it more likely owners of the web servers will pay the ransom. The best way to avoid being scammed by this malware is to keep your security up to date and have a backup of your important server files stored in a different location.
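The two observable traces the article describes, a README_FOR_DECRYPT.txt note dropped in every encrypted directory and files whose contents have become ciphertext, are enough to build a simple triage scan a server owner can run from a clean recovery host. The script below is an added example and is not code from the article, from Doctor Web, or from the malware; the note file name is the one the article reports, while the 7.5 bits-per-byte entropy threshold and the constructed sample tree are assumptions made here for illustration.

```python
import math
import os
import random
import tempfile
from collections import Counter

# File name of the ransom note as reported in the article.
RANSOM_NOTE = "README_FOR_DECRYPT.txt"
# Assumption: well-encrypted data is close to 8 bits/byte; plain text, source
# code and most configs sit far below this. Compressed or image data will also
# score high, so treat hits as leads to verify, not as proof of encryption.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 65536   # only the first 64 KiB of each file is examined
MIN_SIZE = 256         # tiny files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root: str) -> dict:
    """Walk root and report directories holding a ransom note and files
    whose leading bytes look like ciphertext. Returns sorted path lists."""
    notes, high_entropy = [], []
    for dirpath, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            notes.append(dirpath)
        for name in files:
            if name == RANSOM_NOTE:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            if len(head) >= MIN_SIZE and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                high_entropy.append(path)
    return {"notes": sorted(notes), "high_entropy": sorted(high_entropy)}


def build_sample_tree(base: str) -> dict:
    """Constructed sample: one 'infected' directory with a note and a
    random-byte file standing in for ciphertext, one clean directory with
    ordinary text. Deterministic so the scan result is reproducible."""
    infected = os.path.join(base, "var", "www", "shop")
    clean = os.path.join(base, "etc", "nginx")
    os.makedirs(infected)
    os.makedirs(clean)
    rng = random.Random(1)  # fixed seed: same bytes on every run
    encrypted_file = os.path.join(infected, "orders.db")
    with open(encrypted_file, "wb") as fh:
        fh.write(bytes(rng.getrandbits(8) for _ in range(4096)))
    with open(os.path.join(infected, RANSOM_NOTE), "w") as fh:
        fh.write("constructed placeholder note, not the real text\n")
    clean_file = os.path.join(clean, "nginx.conf")
    with open(clean_file, "w") as fh:
        fh.write("server {\n    listen 80;\n    root /var/www/shop;\n}\n" * 40)
    return {"infected_dir": infected, "encrypted_file": encrypted_file,
            "clean_file": clean_file}


def run_demo() -> dict:
    """Build the sample tree in a temp dir, scan it, return both for checks."""
    with tempfile.TemporaryDirectory() as base:
        paths = build_sample_tree(base)
        report = scan_tree(base)
    return {"paths": paths, "report": report}


if __name__ == "__main__":
    result = run_demo()
    print("directories with ransom note:", result["report"]["notes"])
    print("high-entropy files:", result["report"]["high_entropy"])
```

Run it against a mounted snapshot of the affected volume rather than the live server, and diff the high-entropy list against the last known-good backup: a file that was low-entropy in the backup and is now above the threshold is the one worth restoring first. The entropy test is deliberately loose, so expect archives and images to appear in the list alongside genuinely encrypted files.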

Is the NSA trying to warn us that cryptography is dead?

Back in August, the NSA released an updated advisory that was at once interesting and expected: It said that the world had to prepare for the oncoming impact of quantum computers, and the possibility that these devices could render existing computer cryptography almost completely obsolete. They called for the cryptographic community to invest heavily in developing so-called post-quantum cryptographic solutions that could survive this hypothetical watershed invention. And, as you might imagine, this advisory has very nearly driven the internet insane. Now, two security researchers have published a paper compiling all the various theories surrounding this advisory, and trying to make sense of the situation.

Remember that quantum computers have obsessed internet weirdos for as long as the concept has existed. Try really looking into the Deep Web sometime, and you’ll quickly come up against the idea of a quantum deep web, a deep deep deep web, that can only be accessed by/through Illuminati-style quantum networks that, of course, don’t actually exist. Much of this lore is simply gleeful trolling by people who love to mislead noobs, but don’t kid yourself — many of the most entrenched People Of The Internet really do believe this crap.

So, unsurprisingly, now they believe this crap. The biggest issue springs from a single passage (emphasis mine):

For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.

The reason this has surprised so many people is that the NSA has been a long-time supporter of several of what we might call pre-quantum cryptographic solutions, new and highly advanced algorithms that shore up problems with current solutions, but which would probably not be secure in the event of real quantum computing. In particular, NSA has been a booster of Elliptic Curve Cryptography (ECC), which makes this back-pedaling announcement a bit confusing. They’re now saying that ECC is a stopgap solution waiting to be made obsolete by quantum research — but that’s what it’s always been, so what’s changed?

DWave's (alleged) quantum computing chip.

However, while it’s certainly possible that NSA has a secret, super-successful quantum computer behind closed doors, that looks very unlikely at this point. Not only does NSA seem to lack the sheer volume of pure-science research talent that would be necessary to compete with the major, openly admitted research bodies, but the Edward Snowden leaks revealed absolutely no indication that NSA has or soon expects to have access to post-quantum capabilities.

And so, those viewing the situation have slid down to a possible explanation that’s at once more and less realistic: a conventional computer algorithm that can break modern computer encryption through sheer mathematical efficiency. This is more realistic, since it could theoretically come from the mind of just a single brilliant analyst, and thus it could come from the NSA, out of the blue and with no help from the private sector. On the other hand, conventional wisdom in cryptography says that such a classical code-breaking system is impossible on a digital computer.

The fact is that “NSA Has Quantum!” is a bit like the tech-world’s equivalent of “Half Life 3 Confirmed” — it’s basically a joke at this point, but beneath the sarcasm lies an understanding that the cliche does have to come true eventually, even if not for a very, very long time. That’s why both memes have been so long-lived: Quantum computers seem like they will come into existence at some point, so no matter how many times they cry (or hint) wolf, you’ve still got to be wary — every single time.

