1

I'm just repurposing a question already asked about Cryptolocker for CryptoWall:

"If we know exact contents of some of the files prior to them being encrypted, would it be feasible to use those files to discover the private key?"

There's an answer posted for the case of CryptoLocker, but what about for CryptoWall? I've read it is not as thorough, for instance not using the type of RSA encryption meant for large blocks of data.

Community
  • 1
MikeM
  • 19
  • 1
  • 1
    I'm pretty sure the answer will be: "No, there's no (known) way to recover the private RSA key." – SEJPM Aug 24 '15 at 16:42
  • If the answer is yes to this question, one could truthfully make the general statement that that encryption algorithm is broken. What you are talking about is a known plain text attack, and all good encryption algorithms are extremely resistant to it. – WDS Aug 25 '15 at 03:13
  • 1
    I think the answer is the same a the previous question: If they did a proper job, then no. – Guut Boy Aug 25 '15 at 06:42
  • No, I'm pretty sure CryptoWall uses a symmetric encryption algorithm resistant to known plaintext attacks. It would be pretty silly otherwise. – Property404 Sep 07 '15 at 14:18

1 Answers1

1

According to the Dell SecureWorks link from the comments, CryptoWall used/uses RSA encryption directly on the files:

File encryption begins after CryptoWall successfully retrieves the RSA public key from an active C2 server. Therefore, using network-based controls to block this communication can prevent compromised systems from becoming encrypted. Unlike CryptoLocker's use of a symmetric cipher, such as AES, to encrypt bulk data, CryptoWall uses the RSA public key to directly encrypt files. Because the RSA algorithm is far more computationally intensive than symmetric ciphers, compromised systems experience significant CPU load after CryptoWall compromises as files are encrypted.

This alone could allow some data to be decrypted due to weaknesses of textbook RSA if it is naively blocking files and using raw RSA. For example, anything that can be guessed could be verified, and the last blocks of files could be small enough to be brute forced. It would not help in finding the private key, however.

Additionally:

CryptoWall variants deployed before April 1, 2014 contained a weakness in the cryptographic implementation that allowed recovery of the key used to encrypt files.

According to Symantec the private key was present on the infected computer and sent to the command server:

The Trojan then sends the private key back to the remote server. After the remote server confirms that it has received the key, the Trojan will send a screenshot of the computer’s desktop to the remote server.

More newly infected users would seem to be out of luck (from first link):

This flaw appears to have been corrected in later versions of the malware. CTU researchers have not performed a rigorous assessment of CryptoWall's cryptographic implementation, but they have not discovered any obvious flaws that allow decryption without payment.

otus
  • 32,132
  • 5
  • 70
  • 165