
You can hear me well enough, so welcome to my talk: Cryptology, second-guessing the cryptographic underpinnings of modern ransomware. That's something ChatGPT made up when I asked it to put "crypto" in, because it's the crypto part of ransomware we're going to talk about, but we'll get into that. So a quick introduction to myself: that's me, Ryan, on the right. I'm a security researcher for Intezer. I'm giving props to my coworker who can't be here with us today. She's still alive, she was like "come on, make the plan", but she couldn't get the flight over, and she built half the talk, so good
props there. I've been working in security since about 2017. I worked at Anomali first, in Arthur Street there, I think they've moved, and then for Intezer. I've been in this for a while; malware is kind of what I do now. A brief introduction to our agenda. I'm not going to explain too much as we go through, but there's going to be an introduction, then we're going to talk about cryptology itself, mainly a hybrid cryptosystem, and then a few mistakes after that, where people can mess up and you can create decryptors for ransomware, and a short Q&A at the end.
So, an introduction to cryptography, quite a quick one. There are legitimate use cases for cryptography. You probably know them: every time you unlock your phone, you do online banking, pretty much any website you visit these days. You've even seen that if you download something like a VPN, they're cryptographically signed and everything. So legitimate use cases, and there are malicious use cases, you probably know that too. Whilst you can encrypt your own communication, bad actors can encrypt their communication to hide from any sort of defences; you can encrypt malware payloads; and the most infamous example is ransomware, where you encrypt someone's files. In short, cryptography is everywhere. So just
to hammer a couple of visuals into your head, and most of you will probably already know this but just for the visualisation: symmetric encryption, we use one key to encrypt data and the same key to decrypt the data, one key. Then there is asymmetric encryption; that's where you generate a key pair, two keys, kind of like a yin and a yang: one key will encrypt and the other will decrypt. Two keys, you share one with the world, you keep one to yourself. That's pretty much it. So the strengths and weaknesses between the two, quite important to understand for later. One is strength and key length: symmetric is generally much, much stronger than asymmetric, and the main
reason for that is based off prime factorisation for asymmetric. When you're generating asymmetric keys you're limited to using prime numbers. A nice visualisation for that, I'll try not to walk in front of the camera too much, but if you look at this, it's called the spiral, and whilst the resolution is not great on the screen, if you start right in the middle and imagine that every single dot on the screen, both black and white, is a number, so you go 1, 2, 3, 4, 5 and just go around in a spiral, every black dot represents a prime number and the white space represents not a prime number. What this visualisation sort of shows you is that you can only
use the black dots when you're doing asymmetric encryption, so you're left with a lot you can't use, whereas with symmetric encryption you can use your granny as a key, it doesn't matter, just go mad. So that really hampers the strength of asymmetric. Then there's the key exchange issue: if you have a symmetric key, how are you going to send it to someone? Luckily they've already figured that out with key exchange protocols, largely based off asymmetric, but essentially if you make a symmetric key you're going to have to send it to someone,
whereas with asymmetric you throw them out the public key. Then there's the size of the payload: with RSA you can actually only encrypt something that is equal to the key length or below, with a few caveats around padding that reduce that further, but essentially you can't encrypt anything that's bigger than the key size, whereas with symmetric cryptography generally, both stream and block ciphers, if you want to encrypt something that's many GB in size you can do it. And there's also the speed: generally symmetric is much, much quicker, very, very quick, and as I point out there, there are even instruction sets, so most people probably still have Intel-based computers, they have
an instruction set built into the processor that speeds it up even further, crazy speed. So really just to hammer home, I really want to point out how strong symmetric encryption is compared to asymmetric, and I decided to use the example of quantum computers. Some very smart mathematical people from the National Academies released an academic paper where they use some sort of mathematics, they tell you which methods they use, and they work out what size of quantum computer would be able to crack different algorithms. So with this one, a 2048-bit RSA key with a quantum computer of 4098 qubits would take you about 1 to 2 days, pretty quick. With AES-128, on a computer of
that size, 2953 qubits, it'll take you 261 billion years, longer than my talk anyway. And AES-256, with a computer of that size, 6681 qubits, I'm not even going to attempt to say that number, but it's a big one, and I can't really visualise that number for you; humans can't really understand numbers over a billion, it's absurd. Does anyone know what that number is? The age of the universe. Another thing that I actually want to point out about quantum is that obviously these computers don't hugely exist yet. IBM came out this year with a quantum computer of
433 qubits, so we are quite a bit away from doing this, but the main point of this slide is that you see how much weaker RSA is compared to something like AES, asymmetric versus symmetric encryption; symmetric is insanely strong. Actually the closing keynote is going to be about quantum computing, so I imagine there's... I will take your question at the end, it's okay. But yeah, basically the closing keynote is going to be about quantum computing and I imagine there's going to be something about asymmetric encryption being broken. So, the meat and potatoes, which is cryptology. In one sentence, I kind of call it: cryptology is when malware uses
cryptography. What I specifically want to talk about is ransomware, and there's probably broad agreement in the room that ransomware is pretty bad, not good. Everyone sort of knows what it does: it encrypts your files and holds them for ransom. That's a very loaded statement, a lot of assumptions in that. How does the encryption actually stop you from getting your files back? What does the digital lock look like? It's a very interesting topic, hopefully you'll agree. To start off with I'm going to use an analogy. If I were to take, say, something quite valuable off
someone in the crowd, like maybe a phone, and I lock it in a box and I go "give me the money and I'll give you the key or code to get it back", it depends what the lock is. If it's one of these luggage locks with a three-digit code, you're probably not going to give me the money, because it's going to take you half an hour to break that. There are YouTube videos of people trying to do a speedrun, 24 minutes, usually 25 minutes. So you're probably not going to give me the money. If it's something like the boxes downstairs and there's a
key just sitting beside it, maybe on a Post-it note in front of the box, you're probably not going to give me the money, you're just going to turn the key and get your phone back. Or if I take everyone's phone in this room and lock them all up in the same box and I use the same key for all of them, what if one person pays me for the key and then they just start giving it to everyone else? Well, I lose a lot of revenue there. Basically these same conundrums apply to ransomware developers as well, and the solution
for them is called a hybrid cryptosystem. The way we're going to explain that is to jump straight into an example. We're going to talk about XData; it was doing the rounds in 2017, mainly attacking Ukraine. We're just going to jump straight into the operation of how that works. So when it runs on a machine, this is what happens. The first thing is that a key is generated, and it's going to take me a second to explain the notation. Hopefully it's visible with the pixels, but this is an RSA key pair: on the left is my public key, on the right
is the private key, which I'm going to call a secret key for this example, just to mix it up: a public key and a secret key, and there's some notation at the top. So an asymmetric key pair, very important, and it's one per host: every computer this runs on, it'll be different per computer. So from there we can continue; that's the first thing that's generated. Next is a symmetric AES key, 256 bits in strength, strong; obviously symmetric, one per host, and one key, so the same key to encrypt and the same key to decrypt. What happens next is that the key pair is encrypted with the AES host key, and the AES host key is encrypted with
what's called the public master key. You can't exactly see the wording there but it says "public master". Where did that come from, you ask? Well, it's embedded into the ransomware. What happened before is the ransomware developer, the threat actor, whatever you want to call them, generated their own key pair; they put the public key embedded in the ransomware and they keep the secret key themselves, usually on a server somewhere, on a computer. So just to put that visual in your head, I'm going to put that in the corner: our little hacker. So forget about them,
but that's where it comes from. What you're left with now is a .key file, and this is written to disk, and this key file is very, very important if you want to get your files back. When you go to pay the ransom to the threat actor you're also going to send this key file; if you don't, you're not really going to get your files back. So I'm going to put that in the corner there and we're going to encrypt our file, a lovely cute little duck. XData comes in to encrypt it: what it does is it generates an AES file key, again 256 bits in strength, very strong, and our poor duck gets encrypted
so we can't get it back, and the AES file key gets encrypted with the public host key. That's largely what your encrypted file looks like: the encrypted picture at the top, and then appended to the bottom of the file is the encrypted key. Right after discovering that our duck has been encrypted, I thought it was a good time to bring up some philosophy, so to quote some eminent philosophers, NSYNC: "I want you back". So how are we going to do that? We'll start on the right here. We want our duck; it's encrypted with the AES file key.
Luckily it's in the same file, at the bottom; it's encrypted with the public host key, therefore we need the secret host key. We know where it is, it's in our .key file there, the brighter purple one. It's encrypted with the AES host key; luckily that's in the same file as well, but it's encrypted with the public master key, so we need to get the secret master key. Just a reminder, it's the one on the right there. So how do we get the secret master key? Do we try to brute force it? Not likely. Quantum? Quantum computers don't exist yet. Do we pray to God for divine
intervention, "please give me the key"? I didn't go to confession this week so that's not going to work. Do we actually just pay the ransom? That might work. Or, true story, there's a fourth option: our threat actor actually gained a conscience and they posted the private key to the BleepingComputer forum. So armed with our secret master key, we're going to go through the decryption steps. On the left is what we know; we're starting with the key file on the right. We use the secret master key to get the AES host key; we use the AES host key to get the secret host key. This is what would have happened if you had gone
through the payment stages: if you had paid the ransom and sent the key file, the threat actor would have done this for you and sent you back the secret host key. Now we use the secret host key to get the AES file key, and you might see where this is going: we use the AES file key and we've got our duck back. So what was the point of all that? Basically there was a unique key for each file and each host, so if one person pays, they can't share their host key with someone else because it's going to be useless for them. So it solves the problem that one person
can pay and give it to everyone else. Very strong ciphers are used, AES-256; we don't have billions of years and quantum computers to go through it. I forgot to say the RSA key was 2048, usually pretty strong for RSA, most you see them as. The keys are encrypted, they're not going to be lying about anywhere, in the ransomware's case, for decryption, so it's not that easy to retrieve the key. And what all of that equals is leverage: the threat actor actually has leverage to demand a ransom; you have to pay the ransom or else, until they get discovered or get a conscience. So where can it go wrong, oh so wrong, for
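The XData key hierarchy just walked through, as an added worked example (this is not XData's code, nor anything from Intezer). It uses stand-in primitives so that it runs with the Python standard library alone: textbook RSA with a 512-bit modulus and no padding in place of RSA-2048, and a SHA-256 counter-mode keystream in place of AES-256; the function names, the .key file represented as a dict, and the duck plaintext are all constructed for the demo. The point is the chain of wrapping (file key under public host key, secret host key under AES host key, AES host key under public master key) and the walk back up it once the secret master key is known.

```python
"""Added example (not XData's code): a toy model of the hybrid key hierarchy.
Stand-in primitives, chosen so it runs with the standard library only:
textbook RSA (512-bit modulus, no padding) instead of RSA-2048, and a
SHA-256 counter-mode keystream instead of AES-256.  The master -> host -> file
key chain is the point, not the primitives."""
import hashlib
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Return (public, secret) = ((n, e), (n, d)).  XData makes one pair per host."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_wrap(pub, key):
    """Encrypt a 32-byte symmetric key.  RSA can only encrypt a message smaller
    than its modulus, which is why it wraps keys rather than whole files."""
    n, e = pub
    m = int.from_bytes(key, "big")
    assert m < n, "message must be smaller than the RSA modulus"
    return pow(m, e, n).to_bytes(64, "big")


def rsa_unwrap(sec, wrapped):
    n, d = sec
    return pow(int.from_bytes(wrapped, "big"), d, n).to_bytes(32, "big")


def stream_xor(key, data):
    """Symmetric stand-in for AES-256: XOR with a SHA-256 counter keystream.
    One key both ways; acceptable here only because every key is used once."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def infect_host(master_pub):
    """Stage 1 on a victim: per-host RSA pair plus per-host AES key, written out
    as the .key file (a dict here).  Only the *public* master key is available."""
    host_pub, host_sec = rsa_keygen()
    host_aes = secrets.token_bytes(32)
    sec_blob = host_sec[0].to_bytes(64, "big") + host_sec[1].to_bytes(64, "big")
    return {
        "host_pub": host_pub,
        "enc_host_sec": stream_xor(host_aes, sec_blob),   # secret host key under AES host key
        "enc_host_aes": rsa_wrap(master_pub, host_aes),   # AES host key under public master key
    }


def encrypt_file(plaintext, host_pub):
    """Stage 2: fresh AES file key, body encrypted, file key wrapped with the
    public host key and appended to the end of the file."""
    file_key = secrets.token_bytes(32)
    return stream_xor(file_key, plaintext) + rsa_wrap(host_pub, file_key)


def recover_file(master_sec, key_file, blob):
    """The decryptor's walk back up the chain once the secret master key is known."""
    host_aes = rsa_unwrap(master_sec, key_file["enc_host_aes"])
    sec_blob = stream_xor(host_aes, key_file["enc_host_sec"])
    host_sec = (int.from_bytes(sec_blob[:64], "big"), int.from_bytes(sec_blob[64:], "big"))
    file_key = rsa_unwrap(host_sec, blob[-64:])
    return stream_xor(file_key, blob[:-64])


def demo():
    """Constructed sample: encrypt a 'duck' and get it back with the master key."""
    master_pub, master_sec = rsa_keygen()       # attacker's pair; only pub is embedded
    key_file = infect_host(master_pub)
    duck = b"quack " * 20
    blob = encrypt_file(duck, key_file["host_pub"])
    return blob[:len(duck)] != duck and recover_file(master_sec, key_file, blob) == duck
```

`demo()` returns True when the encrypted file differs from the plaintext and the recovery walk restores it. Note that `infect_host` only ever sees the public master key, which is exactly why a victim's key file is useless to anyone without the secret master key; `rsa_wrap` also carries the size caveat from earlier in the talk, that the message must be smaller than the modulus.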
the threat actors, and oh so right for us? If you saw from that example, there's many keys being generated, and it can be a bit complicated for people; there are many steps where you can mess up. So the first example we're going to go with is called Clop. You might have heard of Clop in the news a lot; apparently it's Russian for bedbug, I don't know why they chose that name, but they are in the news a lot. It's this blog specifically that I want to talk about here, a blog from SentinelOne: Clop ransomware targets Linux systems with flawed encryption. So we're going to talk about that, but the first thing I want to point out is I
don't know who in the marketing department thought that was an appropriate image for a blog; it's terrifying, absolutely terrible. Anyway, we're going to look quickly at what the encryption looks like, very simple: an RC4 key is generated per file, the file gets encrypted, and then the RC4 key gets encrypted with a public RSA key. So it's actually quite simple ransomware: you pay the ransom, you get the private key, you get your RC4 keys back, you get your files back. That's the Windows version of the malware. So they decided to do something really genius for the Linux version: they decided to get rid of the public key part of it and they
replaced it with another RC4 key, symmetric encryption. So basically what this comes down to is: if you're going to make ransomware, don't put the key into the malware. They basically put a master RC4 key in that encrypted the other RC4 keys, so what you've done is, your hybrid cryptosystem, you've thrown that out the window; the strengths and weaknesses of symmetric and asymmetric, you don't get that. What you take is the strengths of symmetric and replace them with the weaknesses of symmetric, and that's it. So very easily researchers were able to write a decryptor for that, and people got their files back quite happily, until the threat actor reads the blog and they're like
"silly me", which happens all the time, believe me; you think you're researching them, they're researching you, genuinely. So that's our first example. Our second example is called Zeppelin, and the blog we're going to talk about is from a company called Unit 221B that managed to find a flaw in it. You can't see it because of the pixels here, hopefully in the recording you might be able to see it, but the blog was actually written in 2020, when they found the flaw, but they actually waited a couple of years to release it so as not to alert the actor to what was going wrong. So the
gist: each file is encrypted with an AES 256-bit key in CBC block mode. CBC stands for cipher block chaining. Whenever you use symmetric block encryption there are different modes you can choose, some more secure than others. What CBC means is that you take the output of one block of encryption and use it as like an initialisation vector for the next block; it really mixes it up, very nice mode of encryption. That AES key gets encrypted with an RSA 512-bit key that is generated, again, one per host; we start to see the similarities with XData in this. The public and private key are actually stored to the registry;
the private key is stored in the registry encrypted with a master public key, RSA 2048. So I'm not sure if people can maybe see what the flaw would be, but one of those ciphers is slightly weaker than the others, and it's this here: RSA-512. If you remember me saying that AES-256 is very strong, but a key of bigger size in RSA, if you compare them, has been proven breakable: in 2005 researchers managed to brute force a 633-bit RSA key, which is, I think, a few thousand times stronger than RSA-512, and then in 2009 they also
managed to decrypt a 768-bit RSA key. So the researchers saw that and thought, I fancy my chances; this is not the noughties anymore, we have a lot more firepower. Basically what they thought they were going to do is get the public key from the registry, try to brute force it, and then they'd be able to get their AES keys and start getting their files back. One slight issue: when the ransomware stops executing, the public key is deleted from the registry. I don't know if you've ever been to McDonald's, and you go up and buy your food and you come out
looking for somewhere to sit down, and there's a free table but someone has left all their rubbish and food sitting on it. That's kind of how the Windows registry works: when you delete something from the registry, it's not that what's there gets cleaned out; like a McDonald's bench, it's free to use again, you just have to do the overwriting yourself. So the question is whether we can get this somehow after it's been deleted. They got their digital forensics hat on and used a tool called Recall, I believe, if I'm correct, named after the movie Total Recall; they used this and managed to get the public keys from the registry, and they had
100% success. So armed with the public key they went for some power: they went to the cloud company DigitalOcean and got 20 virtual machines with 40 CPUs each, 20 times 40, 800 CPUs, and just cracked away, and on average they managed to break these RSA-512 keys in about 4 to 6 hours. So the next lesson: if you're going to encrypt files, and I want to help the developers out there, don't use a weak cipher. On to our third example. You see it has two names because there were two blogs released on it and they both came out on the same day, so
one by Anomali, discovered by a researcher in Belfast, and the second company was Intezer, so I have work from both, if you remember my intro. I have no idea what to call it, so... Anyway, just to give a bit of context: eCh0raix targeted network-attached storage, so the genius idea of putting files attached to the network, the internet, unbelievable. In simple terms, how it worked is that a key was generated, AES 256-bit, just
one, one per machine, and used to encrypt all the files. So the files are encrypted with one key, and the key is encrypted with RSA; depending on the version of eCh0raix, some RSA keys are fetched over a C2 and some are just put into the binary itself. But we want to really scrutinise the key generation stage. So how did key generation work? There was a string; the string has 64 characters in it, and 32 characters were chosen at random. So 32 characters, 32 bytes, 256 bits, and that's where you get a real strong 256-bit key. Strong, but is that key actually 256 bits? Well, let's find out. So if you
remember, characters are picked from the string above; how many possibilities can you get if you choose 32 characters at random? We're going to do a slight bit of mathematics, there's your chance to run out of the room if you don't like maths. No one yet, okay. So the key space is the number of possibilities to the power of the key length: 64 possibilities, 32 key length, that is that number. I put this in words to show how silly big it is; if you walk into Tesco and ask for six octodecillion of something they might not have it, maybe, I don't know. But is that 256 bits in strength? Well, we do a logarithm
calculation, so we simply take it to log base two and it equals 192 bits. Ah, it is not 256 bits in strength, it's only 192. That's what's called the effective key space. So based on how you generate the key, that can limit how strong or not your key is; just because it's of a certain length doesn't mean it's of that strength, there are other factors that go into it as well. If you remember the quantum computing slide, it's actually not going to be that catastrophic for the actor; I put it in because it's quite interesting to say, but you're still going to have a lot of problems. So what's slightly more
catastrophic for them, Anomali found out, is what they used to randomly select the characters: they used a seed, and the seed was essentially the timestamp of when it started the run. So basically what we figured out is, if you get the timestamp of when it was executed, that is fed into the seed function (these are from Golang), if you can get the timestamp you could use it as the same seed and then you could actually write a decryptor to get your files back, because you'd be able to generate the same AES key. Not that we did actually, we just went "oh yeah, you can do that". But anyway, so on to
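An added example (not eCh0raix/QNAPCrypt code, nor Anomali's or Intezer's) that puts numbers on the two points above: effective key space versus nominal key length, and a seeded selector being reproducible. The 64-character alphabet, the timestamp-style seed value and the function names are constructed for the demo; Python's `random.Random` stands in for a seeded PRNG such as Go's math/rand, and `secrets` for the OS CSPRNG. It generalises the talk's single case to any alphabet and key length.

```python
"""Added example: effective key space of a 'pick N characters from an
alphabet' generator, and why a timestamp seed makes the result reproducible.
The alphabet and seed below are constructed for the demo."""
import math
import random
import secrets
import string

# Constructed 64-symbol alphabet: 26 + 26 + 10 + 2 = 64 distinct characters.
ALPHABET_64 = string.ascii_letters + string.digits + "+/"


def key_space_size(alphabet, length):
    """Number of possible keys: (distinct symbols) ** length.
    Repeated symbols in the alphabet are collapsed; they add no possibilities."""
    return len(set(alphabet)) ** length


def effective_key_bits(alphabet, length):
    """Effective strength in bits: log2 of the key space."""
    return length * math.log2(len(set(alphabet)))


def nominal_key_bits(length):
    """What the key *looks* like on the wire: one byte per character."""
    return 8 * length


def weak_keygen(alphabet, length, seed):
    """Model of a seeded selector (as with a PRNG seeded from a timestamp):
    the same seed always yields the same key, so the seed *is* the secret."""
    rng = random.Random(seed)
    return "".join(rng.choice(alphabet) for _ in range(length))


def strong_keygen(alphabet, length):
    """Same selection, but drawn from the OS CSPRNG: there is no seed to recover.
    The effective-bits limit from the alphabet size still applies."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit_generator(alphabet, length, seed):
    """A small report a reviewer can use to judge a character-picking key scheme."""
    first = weak_keygen(alphabet, length, seed)
    second = weak_keygen(alphabet, length, seed)
    return {
        "nominal_bits": nominal_key_bits(length),
        "effective_bits": effective_key_bits(alphabet, length),
        "seeded_keys_repeat": first == second,   # True means the seed decides the key
    }


if __name__ == "__main__":
    # Constructed seed standing in for a start timestamp (seconds since epoch).
    print(audit_generator(ALPHABET_64, 32, 1_690_000_000))
```

For the talk's case, `effective_key_bits(ALPHABET_64, 32)` gives 192.0 against a nominal 256, and `key_space_size` gives 2**192, the "six octodecillion" figure. The audit dict is the sort of check to apply when reviewing any scheme that builds keys by picking characters: count the distinct symbols, take the logarithm, and confirm the picker's randomness has no recoverable seed.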
what Intezer found. [inaudible]
You can't break the encryption itself, but you can break something outside the box that has a larger effect. I'm just telling the story; I wasn't working for Intezer at the time of this, but as the story goes, they were looking at this at the same time as Anomali, and how the ransomware worked is, like I said, it reached out to the C2 in some versions to fetch a public RSA key. When it reached out to the C2 it also grabbed a Bitcoin wallet address. And whenever they were running it, they realised that after a while it stopped giving them any new Bitcoin addresses to pay to. Weird. They kind of went over the
weekend, okay, whatever. So when they came back after the weekend and started running it again, they started getting more. So they thought, this might be static, this isn't being generated at the time; what happens if we try to see if we can exhaust this possibly static pool? So they tried that. What they did was they wrote a Python script that simulated hundreds of victims; all it did was reach out to the C2 address and start getting loads of wallet addresses for fake victims, and they managed to get about 1,200 before they realised that when an actual victim executed the ransomware there were no available
wallets. And probably quite a few developers in this room know, if you don't handle exceptions properly, your code just kind of goes... That's sort of what happened: it couldn't parse anything, it just panicked and exited, so there was no infection. And they managed to take down 50 different campaigns this way, taking up wallets, again until you put the blog out and they go "silly me" and fix that. So the lesson from that is, developers, I don't know, but smart people are going to find a way to get around you or kill your... maybe the lesson is develop your code to proper standards. Anyway, with that
example, actually I'm not sure. On to our conclusion. I want to say ransomware is still relevant. You still see lots of stories of it happening, and even the NCSC put out, I think this came out last Monday, that ransomware has a huge impact on the UK economy, and probably many other economies in the world, so they see it as a big problem. Actually, in the course of making these slides, you might have noticed in the description I put in Hive malware and all that, but more examples started coming out as I was making these slides, at least three more really
good ones. One of them, at the top, is quite crap: there was just a hard-coded key. There was ransomware that targeted one of our customers, again a hard-coded key. And then there was another blog from Tactic IQ that I found on ransomware. So it's still relevant. And one thing that I actually noticed is that some people might have been hit by ransomware quite a few years ago and they have these encrypted files that might be quite important to them; they don't actually dispose of the files, they keep hold of them just in the hope that someday they can actually get their files
back. So some people might have been hit many years ago and it's still relevant for them. Next point: don't trust everything you read, especially in ransom notes. That top statement will take you far in life: fake news, don't trust everything you read, ever. But, like I said, especially in ransom notes, a lot of the time it's kind of a game of bluff; they're trying to really scare you into paying the ransom, so they'll put in all sorts of stuff that scares you, because they want the ransom. Some ransomware doesn't encrypt your files at all;
there's one called R ey that just wipes your files; it tells you it encrypts them, and to pay, but it just wipes them. It happens a lot for mobiles: a lot of mobile ones say they encrypt your files but they actually just put a screen locker on, they're just trying to play a game of bluff to get you to pay without having to do any crypto stuff. This one I really like, if you see at the top, I'll read it since it's not too visible: this is the Tactic IQ blog that I mentioned, there's ransomware from a group called Keyp and it says your files are being encrypted with
a military-grade encryption algorithm. That military-grade encryption algorithm? It's just a hard-coded key. So basically, don't trust everything you read; they're just trying to get you to do something. Look for flaws in the implementation. What I mean by that is, when a key looks very strong it might be used wrong. Just off the top of my head, a very inappropriate joke: it's not the size of the key, it's how you use it. But pretty much that: there's keys that might look very strong but it depends how they're used, and that's really what makes it that you can hold someone to ransom. Think outside the box: if you can't
break the encryption, maybe there's something else that you can break. I'm aware that there might be students in the audience, so I just wanted to put this in, just a sort of cheeky bit of homework. If you're a student and you're interested in this sort of stuff, or maybe you don't have to be a student, I just want to put these two examples for you. One is Computerphile, a YouTube channel from the University of Nottingham, very, very good; they have loads of videos on encryption, and actually something quite similar where they go through the encryption flow of the WannaCry ransomware. Another one is a
professor from Napier called Bill Buchanan; he has a website called asecuritysite.com, unbelievable resources, just what I could fit on the screenshot there, code snippets and videos and visualisations. With that, I thank you, that was my talk, and I'll be happy to take questions. [Applause] Okay, we have time for a few questions here, so if there are any, the floor is all yours. There could be one, who knows. Hello, oh yes?
Hello, sorry, so you're asking is there any reason
why they would use a weaker algorithm like that? I don't know; the only reason I can think of is speed. Say in Zeppelin ransomware, why would they use RSA-512? I guess speed, but I guess with more computers it doesn't really matter anyway. So why use the weak algorithm, I have no idea; it cost them in the end. Generally again, with what you see with quantum, you'll probably see more of these even bigger algorithms being used.
Everybody's just too shy, too shy.
So, okay, thank you very much, that was a great talk, really appreciate it. A big round of applause please. Thank you.