Ransomware is becoming more complex, and anti-virus companies are worried they may not be able to decrypt ransomed files, according to a new report.
The report, "Malware Evolution: April – June 2006, Hidden Wars," by anti-virus vendor Kaspersky Labs, warned that ransomware authors are creating more sophisticated encryption algorithms in a bid to outfox security companies and blackmail users and companies.
Ransomware involves the use of malicious code to hijack user files, encrypt them and then demand payment in exchange for the decryption key. The first piece of ransomware to use a sophisticated encryption algorithm, Gpcode.ac, was detected in January 2006 and used the RSA algorithm to create a 56-bit key. Since then, the author of Gpcode has released several increasingly complex variants of the virus, and in June released Gpcode.ag, which used a 660-bit key.
"We were able to decrypt 330 and 660-bit keys within a reasonably short space of time, but a new variant, with a longer key, could appear at any time. If RSA, or any other similar algorithm which uses a public key, were to be used in a new virus, anti-virus companies might find themselves powerless, even if maximum computing power was applied to decrypting the key," said Aleks Gostev, senior virus analyst, Kaspersky Lab.
He added that the authors behind the Gpcode, Cryzip and Krotten ransomware were still on the loose, and even if they were arrested, there was nothing to prevent other malicious users from implementing such techniques in order to make money.
"In the mean time, anti-virus companies have to continue working on proactive protection that will make it impossible for malicious users to encrypt or archive users' data," said Gostev.