
Snake alert! This ransomware is not a game…
2020-01-13 12:03

The original filename and directory are recorded, the decryption key is stored too, and the special tag EKANS, which is SNAKE written backwards, finishes off the encrypted file.

The key used for locking data is called the public key, because you can reveal it to anyone; the unlocking key is called the private key, because as long as you keep it private, you're the only one who can later unlock the encrypted data.

The malware generates a random key to encrypt the file, using what's called a symmetric or secret-key encryption algorithm, where the same key both locks and unlocks; it then uses a public key to lock up the random key.

To decrypt the file, you need the private key to unlock the symmetric key; then the symmetric key to unlock the file.

Why not just use public key cryptography alone to lock and unlock the file? Why the extra complexity of generating a random secret key to lock the data and then using a public key to lock the secret key? The answer is that symmetric crypto is ideally suited for scrambling large amounts of data, but public key crypto is much slower and suited only for scrambling small amounts of data at a time.
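For incident triage, the EKANS end-of-file tag described above gives a quick way to list which files on a share were encrypted. The following check is an added example, not code from the original article; it assumes the tag is stored as the plain ASCII bytes `EKANS` at the very end of each file, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

TAG = b"EKANS"  # assumption: plain ASCII tag forming the file's last bytes


def has_ekans_trailer(path):
    """Return True if the file ends with the tag, reading only the tail."""
    try:
        with open(path, "rb") as f:
            f.seek(0, os.SEEK_END)
            size = f.tell()
            if size < len(TAG):
                return False  # too short to carry the trailer
            f.seek(size - len(TAG))
            return f.read(len(TAG)) == TAG
    except OSError:
        return False  # unreadable files are skipped, not counted as hits


def scan_tree(root):
    """Walk root and return the sorted paths of regular files with the trailer."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # ignore symlinks and special files
            if has_ekans_trailer(path):
                hits.append(path)
    return sorted(hits)


def demo():
    """Write constructed sample files to a temp dir and return the names flagged."""
    samples = {
        "report.docx": b"PK\x03\x04 ordinary content",
        "locked.xlsx": b"\x8f\x12 constructed ciphertext EKANS",
        "tiny.txt": b"EK",
        "notes.txt": b"the word EKANS appears mid-file only\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return [os.path.basename(p) for p in scan_tree(root)]


if __name__ == "__main__":
    print(demo())
```

Only the last five bytes of each file are read, so the scan stays cheap on large volumes; a file that merely mentions the word mid-content is not flagged.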


News URL

https://nakedsecurity.sophos.com/2020/01/13/snake-alert-this-ransomware-is-not-a-game/