Researchers find third Linux.Encoder version still uses buggy encryption, allowing file recovery
Much to the delight of security researchers, a group of malware creators is having trouble getting the cryptography in its ransomware right, and not once but three times.
For the past several months, a group of cyber criminals has been trying to infect Linux systems, mainly web servers, with a file-encrypting ransomware program that the security industry has nicknamed Linux.Encoder.
According to security researchers from antivirus vendor Bitdefender, the third version of Linux.Encoder has infected at least 600 vulnerable servers worldwide.
The good news is that this version also has a flaw that makes decryption possible without paying the ransom, despite its creators’ attempts to fix their previous failures.
Catalin Cosoi, chief security strategist at Bitdefender, said: “As we expected, the creators of Linux.Encoder have fixed their previous bugs and created a new and improved variant. Luckily for the victims, the new variant of Linux.Encoder is still vulnerable to key recovery attacks.
“The old version of the Linux.Encoder ransomware used to generate a 16-byte initialisation vector and a 16-byte AES key by calling the rand() function. The initial seed to the RNG was taken from the current timestamp, which was actually very close to the modification time of the file after encryption.”
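To make the first variant's flaw concrete, here is an added example (not code from the article or from Bitdefender) that models a key and IV pulled from rand() seeded with a timestamp, and shows why a recovery tool only needs to search the seconds around the file's modification time. The key_check_fn callback is a hypothetical stand-in for whatever test a real tool uses to recognise the right key; the function names and the timestamp are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16
#define IV_LEN  16
#define DEMO_SEED 1447900000u   /* constructed "encryption time" (Unix seconds) */

/* Constructed model of the first variant's flaw as the article describes it:
 * libc's rand() is seeded with a timestamp and the IV and AES key are read
 * straight from it. Illustration only, not the malware's code. */
void derive_weak_material(unsigned int seed, unsigned char iv[IV_LEN],
                          unsigned char key[KEY_LEN]) {
    srand(seed);
    for (int i = 0; i < IV_LEN; i++)  iv[i]  = (unsigned char)(rand() & 0xff);
    for (int i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(rand() & 0xff);
}

/* Hypothetical hook: a recovery tool needs some way to recognise the right
 * key, e.g. a known file header decrypting correctly. */
typedef int (*key_check_fn)(const unsigned char *iv, const unsigned char *key, void *ctx);

/* Defender's side: the seed lies within seconds of the file's post-encryption
 * mtime, so try every candidate in [mtime - window, mtime + window]. Returns
 * the seed that passes the check, or -1. A one-hour window is ~7200 tries. */
long recover_seed(long mtime, long window, key_check_fn check, void *ctx) {
    unsigned char iv[IV_LEN], key[KEY_LEN];
    long lo = mtime - window < 0 ? 0 : mtime - window;
    for (long s = lo; s <= mtime + window; s++) {
        derive_weak_material((unsigned int)s, iv, key);
        if (check(iv, key, ctx)) return s;
    }
    return -1;
}

/* Check used by the demo: compare against the key being searched for. */
int key_matches(const unsigned char *iv, const unsigned char *key, void *ctx) {
    (void)iv;
    return memcmp(key, ctx, KEY_LEN) == 0;
}

/* Derive material at DEMO_SEED, then recover the seed from an mtime recorded
 * two seconds later, searching a one-hour window. Returns the seed found. */
long run_demo(void) {
    unsigned char iv[IV_LEN], key[KEY_LEN];
    derive_weak_material(DEMO_SEED, iv, key);
    return recover_seed((long)DEMO_SEED + 2, 3600, key_matches, key);
}

int main(void) { printf("recovered seed %ld, expected %u\n", run_demo(), DEMO_SEED); return 0; }
```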
When Bitdefender documented the flawed approach to generating IVs and keys in the previous versions, the Twitter community ridiculed the ransomware developers by suggesting wild improvements to the ransomware’s functionality.
Cosoi said: “Apparently, the operators actually took note of these recommendations; as a result, the IV is now generated from a hash of the file size and the filename – 32 bytes from rand() are hashed 8 times and used as the AES-256 key.”
And the attackers still made n00b-level coding errors. For instance, the binary is not statically linked against libc, so the ransomware fails to launch on the older systems that would be easier to pwn.
The ransomware creators also failed to select a hashing algorithm, so the output buffer of the hashing function is left unchanged, the Bitdefender researchers said in a blog post on Tuesday. This means that all calls to the Update and Finish primitives are ineffective. “As a result, the full AES key is now written to the encrypted file, which makes its recovery a walk in the park.”
Bitdefender has released a new tool that can decrypt files affected by this latest Linux.Encoder version.
Unfortunately, the people behind this ransomware program seem determined and are unlikely to keep making mistakes. It’s safe to assume that they will get their implementation right at some point, and when that happens, files encrypted by Linux.Encoder will be unrecoverable without backups or paying the ransom.
Bitdefender researcher Radu Caragea called the counterstrike against the latest Linux.Encoder variant a “close shave” and says victims who escape the hold of the third version may not get a fourth chance.
“While this is the third lucky strike, please make sure that, after recovery, you update the vulnerable platforms and stop this type of attack cold in the first place.”
“Next time, hackers could actually come up with a working version of the ransomware that won’t be as easy to decrypt.”