Ransomware criminals are growing more sophisticated in their use of encryption, as criminals increasingly use asymmetric encryption methods, according to security pros. A report by ESET security researcher Cassius Puodzius published on the WeLiveSecurity blog detailed the use of encryption to secure communication between malware and command and control (C&C) servers. Travis Smith, Senior Security Research Engineer at Tripwire commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“The benefits of asymmetric encryption is that it allows the encryption keys to be shared across an untrusted space like the internet. The algorithms behind asymmetric encryption allow for one key to encrypt data while another is used to decrypt data. A public key can be shared with anyone, while the private key known only to the enterprise is the only key which can decrypt the data. For enterprises this solved the issue of having to share a unique secret with every visitor to their website. The problem with asymmetric encryption lies with the performance, which is why both symmetric and asymmetric encryption mechanisms are used.
Ransomware creators are no different than any other software company with their decision to use a combination of symmetric and asymmetric encryption. Everyone wants security, performance and reliability with the software they create.
All malware is evolving quickly. Ransomware is unique when compared to other variants of malware for one primary reason. Traditional malware wants to avoid being detected for as long as possible in order to accomplish their end-goal. Ransomware on the other hand is the exact opposite, wanting to be discovered as quickly as possible so the victim can pay for decryption keys.
Part of the ransomware evolution we’ve seen recently is not necessarily encrypting critical data, but locking victims out of their critical infrastructure. For example, Internet of Things (IoT) devices are beginning to be targeted. By locking a user out of their thermostat when they aren’t around to reset the device may prompt the victim to pay a ransom to avoid physical damage and/or increased utility bills.”