ASkript

Trojan.Ransom.Crysis.E Decryption

Virus:
Trojan.Ransom.Crysis.E (BitDefender)

Result:
We have identified "Dharma (.cezar Family)". This ransomware is not decryptable! 
.id-<id>.[<email>].ROGER

Does it use AES and RSA encryption? Would a memory dump help in any way?
How does it generate the key? Would narrowing down the attack to minutes help?
Am I demand to wait for computers to get much more powerful?
Or worse yet, support criminals to recover files in a timely manner?

 

On 6/22/2020 at 3:29 AM, ASkript said:

Does it use AES and RSA encryption?

The information about the encryption used can be found at the following link:
https://translate.google.com/translate?hl=en&sl=ru&tl=en&u=https%3A%2F%2Fid-ransomware.blogspot.ru%2F2016%2F11%2Fdharma-ransomware.html

It's secure encryption, and there's no way to crack it. 

 

On 6/22/2020 at 3:29 AM, ASkript said:

Would a memory dump help in any way?

If you were able to get a memory dump from the ransomware while it was encrypting files, then it more than likely wouldn't help. RSA keys use a public key to encrypt, and a private key to decrypt. The private key is kept safely on a remote server while the ransomware uses the public key to encrypt files, and there's nothing you can learn from the public key that would help with decryption of files.

 

On 6/22/2020 at 3:29 AM, ASkript said:

How does it generate the key? Would narrowing down the attack to minutes help?

I would believe the keys are generated securely, and if they were generated on a remote server then you could never be entirely certain what time they were generated, and so even if there was the possibility of a time-based RNG exploit then you wouldn't be able to do anything with it.

 

On 6/22/2020 at 3:29 AM, ASkript said:

Am I demand to wait for computers to get much more powerful?

They won't get powerful enough fast enough. The odds are much better of law enforcement catching the criminals and confiscating their database of private keys.

 

On 6/22/2020 at 3:29 AM, ASkript said:

Or worse yet, support criminals to recover files in a timely manner?

We don't normally recommend that, however if you feel that's the only way to get your files back in a reasonable amount of time then we understand that you have to do what you feel is best.

  • Upvote 1
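
An added illustration of the "time-based RNG exploit" mentioned in the reply above. It is not part of the original thread and makes no claim about how Dharma generates keys. It shows that narrowing the time window only helps when the file key was derived on the victim machine from a clock-seeded PRNG. The `weak_key` generator, the toy cipher, the file header and the timestamp are all constructed assumptions.

```python
import hashlib
import random
import secrets

KNOWN_HEADER = b"%PDF-1.7\n"  # constructed: magic bytes expected at the start of a file
T_ENCRYPT = 1592796540        # constructed timestamp of the encryption run


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def weak_key(unix_time: int) -> bytes:
    """Hypothetical flawed generator: 128-bit key from a PRNG seeded with the clock."""
    return random.Random(unix_time).getrandbits(128).to_bytes(16, "big")


def search_window(ciphertext: bytes, start: int, end: int):
    """Try every one-second seed in [start, end]; return (seed, key) or None."""
    prefix = ciphertext[:len(KNOWN_HEADER)]
    for t in range(start, end + 1):
        key = weak_key(t)
        # A candidate key is confirmed when it decrypts the known file header.
        if keystream_xor(key, prefix) == KNOWN_HEADER:
            return t, key
    return None


def demo():
    plaintext = KNOWN_HEADER + b"constructed sample body"
    # File timestamps narrow the encryption time to +/- 5 minutes (601 seeds).
    window = (T_ENCRYPT - 300, T_ENCRYPT + 300)
    weak_ct = keystream_xor(weak_key(T_ENCRYPT), plaintext)
    # Key from the OS CSPRNG: it does not depend on the clock, so no seed matches.
    strong_ct = keystream_xor(secrets.token_bytes(16), plaintext)
    return search_window(weak_ct, *window), search_window(strong_ct, *window)


if __name__ == "__main__":
    weak_hit, strong_hit = demo()
    print("clock-seeded key:", weak_hit)
    print("CSPRNG key      :", strong_hit)
```

With a CSPRNG key, or a key generated on a remote server as the reply describes, the same 601-seed search finds nothing, because the timestamp tells you nothing about the key.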
