
Ransomware app leaves decryption key on victim’s PC


If you’ve ever seen TV shows like “World’s Wildest Police Videos,” then you know that not all criminals are detail-oriented masterminds. Apparently, there’s a ransomware program out there whose creator can be counted among that group as well.

Ransomware is a form of malware that essentially locks down a user’s files, forcing them to pay hundreds in cash in order to regain access to their data. One piece of ransomware, dubbed CryptoDefense, not only encrypts a victim’s files but also leaves the decryption key on the same PC, according to security firm Symantec.

CryptoDefense employs Microsoft’s cryptographic methods as well as Windows software in order to create the plain text key that encrypts the files, which is then sent to the malware handler’s server. However, once that key is sent to the attacker, it’s also stored on the infected machine.

“The malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape,” Symantec said.

However, because it takes a bit of technical know-how to extract the decryption key, it’s unlikely that the average user hit by CryptoDefense would be able to break free of the malware’s shackles. Despite its one big flaw, Symantec asserts that CryptoDefense has earned its handlers a hefty sum of $34,000 in a single month.


Konrad Krawczyk
Former Digital Trends Contributor