Researchers at Kaspersky Lab have successfully analysed a ransomware Trojan, Gpcode.ag, cracking a 660 bit RSA encryption key. They note that, “Currently, the longest factorized key on the RSA website is 640 bits”, so they are keeping their method a trade secret. However, the malware authors can continue to increase the key length until it is effectively unbreakable.
The objective of ransomware is to encrypt the victim’s important files, then demand money for their recovery. Although Kaspersky’s achievement is remarkable, analysis and cracking is not our strongest defence against this threat. The best defence for end-users is a good backup strategy – the important files can then be recovered from the most recent backup. Of course, keeping the backups offline, and preferable off site, will prevent any malware affecting them. The second approach, for law enforcement, is follow–the–money: tracing the ransom payments until the people profiting can be identified and prosecuted.