You’re surfing the internet on a random Tuesday, when suddenly, you receive an unexpected email.
“What holiday package?” you mutter to yourself, as your finger hovers over the delete button. “On second thought, I should check this out,” you decide seconds later, recalling your tendency to browse Amazon after a few too many drinks.
“Tracking…tracking…wait, what?” Suddenly, all your active windows close: your email client, solitaire, and even that Word document you were kind-of working on. They’re replaced by a single window, displaying the notice below.
As your unwelcome visitor lingers, annoyance gradually turns to dread. Thoughts like “A hundred dollars for what?” and “What’s a CryptoLocker?” and “I had a whole paragraph done on that document!” pass through your mind. Finally, you come to accept the obvious: you’re the latest victim of Ransomware.
Ransomware has been around for a while, but the variant described above, which recently emerged from Russia and Eastern Europe, is the most insidious yet. CryptoLocker’s encryption scheme is considered by computer scientists to be virtually impossible to beat. So, victims inevitably either pay the money, using Bitcoin or some other hard-to-trace payment system, or lose their files. Long story short: if you ever want to see that Word document again, it’ll cost ya.
Ransomware has taken the world by storm, infecting over 250,000 systems in just a few months. Of those infected, about 3% pay the ransom, which averages $300. Thus our friendly neighborhood Russian cyber-gangs have pulled in roughly 250,000 * 0.03 * $300 = $2,250,000.
Among those 3% who paid the ransom are the members of the Swansea Police Department in Boston, whose entire network was infected with ransomware. They reportedly paid $750 to regain control of their computers. So much for not negotiating with terrorists.
In the cyber-criminals’ defense, though, $300 isn’t too bad a price (less than another computer), and they probably could have asked much more from a police department. I can just picture the conversation going like this:
SERGEI: We hooked the police department? Hell. YES!!! Talk about a jackpot. $100 a computer? Hell, we could charge $1000! They need those files!
IVAN: Come on, man. What are you, a sociopath? We charge $100 for every computer, even if it’s the president’s. I’m trying to run an honest business here!
In fact, though a few ransom-payers have reported not getting their files back, most do. And CryptoLocker’s masterminds have even been known to monitor tech support forums, helping victims complete their payments! Can you say win-win?
Add to that the advanced technical knowledge required to design the software, and the fact that, as of yet, nobody behind CryptoLocker has been caught. These guys are disgusting; they’re parasitic; and I don’t condone them in the least. But as far as criminals go—much like Jesse James and his crew, robbing trains in the 1800’s—you kinda gotta respect them.
That being said, make sure to stop by here before you head out.
In the meantime, let’s learn some computer science.
Why exactly is CryptoLocker so hard to crack? The strength of RSA encryption lies in the difficulty of factoring large numbers. It’s easy to multiply two massive prime numbers, producing an even larger product. But starting from that product and finding the original two primes is a much, much harder task. CryptoLocker’s creators take advantage of this fact, encrypting files with lengthy keys that are easy to produce but incredibly difficult to recover.
More specifically: to recover the private key (the “RSA problem”), the attacker must find some number d such that:
(d * e) Mod φ(n) = 1
where n is some 2048-bit (massive) semiprime, i.e. a number with only two prime factors p and q; φ(n) is given by (p – 1)(q – 1); and e is some number between 1 and φ(n) that is coprime with φ(n).
For example, consider primes p and q given by p = 5 and q = 13.
Their product is the semiprime 5 * 13 = 65 = n.
φ(n) = (5 – 1)(13 – 1) = 4 * 12 = 48.
Choose some number e coprime with 48; say, e = 11.
For what d is d * e Mod φ(n) equal to 1?
Well, d * e Mod φ(n) = 1 becomes 11d Mod 48 = 1.
One possible solution is d = 35. Note that 35 * 11 = 385, which leaves a remainder of 1 when divided by 48. So, the so-called public key is (e = 11, n = 65). This is available for the world to see, including the ransomware victim. The private key, which only the hackers know, is (d = 35, n = 65). This private key can be used to decrypt files that have been encrypted using the public key.
Now that we’ve produced our public and private keys, let’s try an encryption ourselves. Choose some secret message given by m: how about m = 23. We find the encrypted version c of this message with the expression c = m^e Mod n = 23^11 Mod 65 = 17. So, c = 17.
Decryption of c requires the private key, and is carried out with the expression m = c^d Mod n. Let’s try it: m = 17^35 Mod 65 = 23. We’re back to our original message!
The strength of the RSA system lies in the fact that, given the public key, the private key is incredibly difficult to calculate. In our case, it was pretty easy. It’s clear that 65 is the product of primes 5 and 13; from there, we can calculate φ(n); and from there, the equation d * e Mod φ(n) = 1 is easy to solve for d. But, with huge semiprimes like the ones used in CryptoLocker, p and q are pretty much impossible to discern. Without p and q, we can’t find φ(n), and without φ(n) we have no way to determine d. Thus the code can’t be cracked. We used a 2-digit n, but the semiprime used in CryptoLocker might be 400 or more digits. The largest RSA number that has been factored so far was 232 digits; RSA numbers larger than this probably won’t be factored any time in the near future.
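The worked example above, carried through in code. This is an added example, not code from the original post: it generates the keys from the page’s p = 5, q = 13 and e = 11 (solving 11d Mod 48 = 1 with the extended Euclidean algorithm), encrypts and decrypts m = 23, and then recovers the private key from the public key by factoring n, which is exactly the step that becomes infeasible for a 2048-bit n.

```python
import math


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, phi):
    """Solve d * e Mod phi == 1 for d, i.e. compute the private exponent."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime with phi(n)")
    return x % phi


def keygen(p, q, e):
    """Build (public, private) keys from two primes and a chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (e, n), (d, n)


def encrypt(m, pub):
    e, n = pub
    return pow(m, e, n)          # c = m^e Mod n


def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)          # m = c^d Mod n


def crack(pub):
    """Recover the private key from the public key alone by factoring n.

    Trial division works for a toy n like 65; for a 2048-bit n this loop
    would not finish in any useful amount of time, which is the whole point.
    """
    e, n = pub
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return modinv(e, (p - 1) * (q - 1)), n
    raise ValueError("n has no nontrivial factor")
```

Running `keygen(5, 13, 11)` gives the page’s keys (11, 65) and (35, 65), `encrypt(23, (11, 65))` returns 17, `decrypt(17, (35, 65))` returns 23, and `crack((11, 65))` hands back (35, 65) without ever being told p and q.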
…which brings me back to this!
- The Inquirer: Cryptolocker ransomware has infected quarter of a million systems since September
- The Guardian: CryptoLocker attacks that hold your computer to ransom
- CBS Boston: Cryptolocker Ransomware Being Described As ‘The Perfect Crime’
- ZDNet: CryptoLocker’s crimewave: A trail of millions in laundered Bitcoin
- The Guardian: 10 ways to beat CryptoLocker
- RSA Algorithm Example
- RSA Numbers