37C3 - Unlocked! Recovering files taken hostage by ransomware

20,971 views

media.ccc.de

4 months ago

Decrypting files hijacked by the "second most used ransomware in Germany"
We present an analysis and recovery method for files encrypted by Black Basta, the "second most used ransomware in Germany".
We analysed the behaviour of a ransomware encryptor and found that the malware misuses its keystream, which leaves the encryption open to a known-plaintext attack that allows affected files to be recovered. We confirmed the finding by implementing tools for recovering encrypted files.
We have made our tools for decrypting files without access to the actual key available to victims directly, through BSI, and to incident responders, as well as German and international law enforcement. Now, we are actively publishing these tools, along with the knowledge shared in our talk, empowering affected organizations to recover some of their files without succumbing to paying the criminals.
We present an analysis of the Black Basta ransomware and tools for recovering encrypted files without access to the official decryptor or key. Black Basta is "the second most used ransomware in Germany", encrypting Windows computers and ESXi hosts running virtual machine workloads.
Our decryptor tool exploits a weakness in the cryptographic code of the Black Basta malware. This weakness allows encrypted files to be (partially) recovered without access to the decryptor and without the cryptographic keys used by the ransomware.
We dive into the details of the cryptographic operations used by Black Basta and explain how the malware fails to use the cryptographic primitives properly. In particular, the Black Basta ransomware encrypts victim files using a stream cipher. Files smaller than 5000 bytes are fully encrypted. Larger files are only partially encrypted for efficiency reasons. We found that for larger files, the ransomware re-uses the same cryptographic keystream for encrypting different parts of the same file, thereby breaking the security of the stream cipher used. If the plaintext of any encrypted file part is known, the keystream can be recovered and used to decrypt (large parts of) the target file without the underlying cryptographic key.
Affected organisations can check whether the variant of the Black Basta malware found in their network is susceptible to this attack by purposefully letting the ransomware encrypt a large file (512 MB) containing only zero bytes. If the encrypted parts of the file are identical when analysing the encrypted file (e.g. in a hex editor), recovery is likely possible using the tools presented here.
Depending on the encrypted file, parts of the plaintext may be known. For instance, VM disk images are likely to contain stretches of zero bytes. As part of the tooling we have developed, we have implemented a heuristic to detect encrypted zero blocks in encrypted files. If found, (large parts of) the encrypted file can then be recovered. For other types of files, individual plaintext blocks may be recoverable via other means (e.g. using backups or specialised tools), also enabling data recovery.
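As an added illustration (not the talk's code and not the SRLabs tooling linked below), the following Python models the three points above in one toy: the keystream being reused across the encrypted parts of one large file, the self-check with an all-zero file, and the zero-block heuristic that recovers the keystream from a file with long zero runs. The cipher (SHA-256 in counter mode), the 64-byte part size, the 256-byte stride, the 512 KiB check file and the sample "disk image" are constructed assumptions; only the 5000-byte threshold comes from the abstract.

```python
"""
Added example (not from the talk or the SRLabs tooling): a toy model of the
weakness described in the abstract.  A stream cipher is only safe when each
byte of keystream is used once; the flaw modelled here is that the same
keystream is applied to every encrypted part of a large file.  The cipher,
the chunk layout and the sample "disk image" are constructed assumptions.
"""
import hashlib
from collections import Counter

CHUNK = 64          # bytes encrypted per part            (assumption)
STRIDE = 256        # distance between encrypted parts     (assumption)
FULL_LIMIT = 5000   # smaller files are fully encrypted    (from the abstract)


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode.  Stands in for the real cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypted_ranges(size: int) -> list:
    """(start, end) of every part the encryptor touches; small files in full."""
    if size < FULL_LIMIT:
        return [(0, size)]
    return [(off, min(off + CHUNK, size)) for off in range(0, size, STRIDE)]


def flawed_encrypt(key: bytes, data: bytes) -> bytes:
    """Models the bug: the keystream is restarted for each part, so every
    part of one file is XORed with the same bytes."""
    buf = bytearray(data)
    for s, e in encrypted_ranges(len(data)):
        buf[s:e] = xor(buf[s:e], keystream(key, e - s))
    return bytes(buf)


def parts_identical(ciphertext: bytes) -> bool:
    """The self-check from the abstract: encrypt an all-zero file and see
    whether every encrypted part came out the same."""
    parts = {ciphertext[s:e] for s, e in encrypted_ranges(len(ciphertext))
             if e - s == CHUNK}
    return len(parts) == 1


def recover(ciphertext: bytes):
    """Known-plaintext recovery without the key.  Heuristic: in a file with
    long zero runs (e.g. a VM disk image) the most frequent ciphertext part is
    an encrypted zero block, and zeros XOR keystream == keystream."""
    ranges = encrypted_ranges(len(ciphertext))
    counts = Counter(ciphertext[s:e] for s, e in ranges if e - s == CHUNK)
    if not counts:
        return None                      # fully encrypted small file: no parts to compare
    guess, seen = counts.most_common(1)[0]
    if seen < 2:
        return None                      # nothing repeats: the heuristic cannot apply
    ks = xor(guess, bytes(CHUNK))        # plaintext is zeros, so ks == guess
    buf = bytearray(ciphertext)
    for s, e in ranges:
        buf[s:e] = xor(buf[s:e], ks[:e - s])
    return bytes(buf)


def sample_image() -> bytes:
    """Constructed stand-in for a VM disk image: a header, two data regions,
    and zero padding everywhere else."""
    img = bytearray(8192)
    img[0:16] = b"TOYDISK\x00v1\x00\x00\x00\x00\x00\x00"
    img[1024:1100] = bytes(range(76))
    img[4000:4300] = b"secret config line\n" * 15 + bytes(15)
    return bytes(img)


def demo():
    key = hashlib.sha256(b"constructed demo key").digest()  # only the encryptor sees this
    plain = sample_image()
    enc = flawed_encrypt(key, plain)
    # 512 KiB instead of the abstract's 512 MB, to keep the toy fast
    susceptible = parts_identical(flawed_encrypt(key, bytes(512 * 1024)))
    return susceptible, recover(enc) == plain   # recover() never receives the key


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The recovery step never touches the key: it needs only one encrypted part whose plaintext is known (here, zeros), and it silently leaves a file alone when no ciphertext part repeats, which is the situation for a small, fully encrypted file or for a variant that does not reuse its keystream.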
The decryption tools can be found here: github.com/srlabs/black-basta...
Tobias Mueller
events.ccc.de/congress/2023/h...
#37c3 #Security

Comments: 32
@effsixteenblock50 4 months ago
"You can find them yourself on the internet!" In my best dream ever, I can imagine Tobias responding with, "So are you regretting your decision to retire RSA in favor of a flawed implementation of ECC?"
@jintz2 4 months ago
Typical Mastodon user.
@elmo2you 4 months ago
To me it sounded like the audience member either has a nasty personality disorder, or some considerable (personal) animosity and/or arrogance driving those statements. Does anyone know more about what was going on there? Maybe just a disgruntled anonymous soul (be that legitimately or not), but to me it felt like there was much more going on there than just the words spoken.
@effsixteenblock50 4 months ago
@elmo2you The audience member sounded like she was implying that since the ransomware actor had again changed encryption schemes (unconfirmed?), Tobias's presentation was a "nothing-burger" and that she was somehow "exposing" him. Whether or not the actor did in fact do what she alleges, she is wrong.
@sfdntk 4 months ago
@elmo2you I reckon she's just on the spectrum and isn't intentionally coming across as confrontational. Conferences like these (and the industry as a whole) naturally attract a lot of neurodivergent people. One of the ways that ASD can present itself is the inability to detect or emulate tone in conversation; some people on the spectrum can come across as far ruder than they intend to be without realising it. Obviously we have no way of knowing if that's the case for this particular woman, maybe she feels like her time was wasted and she's annoyed about it, but I think we should give her the benefit of the doubt and not jump to any solid conclusions about her intent.
@JamesBos 4 months ago
Huge respect to Tobias and co for releasing this. They could have made a motza holding this close to their chest. ❤️
@ewookiis 4 months ago
It's been ages since this was not already in the public domain on how to approach it. The nitty gritty is not always needed - the better part is _how_ to act if it happens - and before that - always - always ensure a sound level of sanity (security / compliance etc etc..) in environments.
@TheSlimHim 4 months ago
This is amazing! I wonder if they will take on the Phobos decryption project going on?
@dascandy 4 months ago
Hoping Tobias reads the YouTube comment section... if you have an encrypted file that is likely to contain blocks of pure zeroes - heck, even an MKV file typically contains at least 2kB of zeroes, and no other 64-byte blocks that are commonly present in the file - you should be able to scan through the file to find the most common block at those offsets, and xor each of them with that block, to decrypt any such file. Would even work if it were encrypted multiple times as long as each of the encryption steps was using the same kind of broken software. With regards to file formats specifically, most file formats storing "large" files prefer to have a header describing the start of the file, and the remainder in chunks that are often aligned on page boundaries. That means that you're likely to find chunks of an average of 2kB of zero bytes or 0xFF bytes with padding. Executables, shared libraries, movie file formats, music file formats all do this. Image file formats don't, sadly, so there might be something doable with predefined knowledge of the file format. You don't want to be brute forcing, but you can definitely use different fixed-offset chunks that contain different parts of the "key".
@magicmulder 4 months ago
Assuming the ransomware peeps would actually honor their pledge to decrypt when they’re paid, how do *they* know which key to use for which file? It’s not really feasible for them to phone all keys home after all.
@TobiKellner 4 months ago
At around 11:50 he talks about every victim getting their own file extension. Presumably that extension and/or the "Login ID" in the ransom instructions .txt somehow contain the key in an encoded form?
@effsixteenblock50 4 months ago
Remember that copies of the files are exfilled to the actor's own infrastructure. I'm sure that the key and other relevant data is as well.
@debug_duck 4 months ago
It is fairly easy to derive unique per-file encryption keys from a common secret, which can then be used as a single point to unlock all files. That is undoubtedly what they are doing with the extension and/or the extra bytes in the files.
@tomt7621 4 months ago
Brilliant, interesting talk. I love this year's conference more with almost every talk; all I'm still missing is: a talk by David Kriesel, and an explanation of why a talk by a German at a German conference is given in English. Again another great CCC this year. There are so many talks I enjoyed. I also love this talk. I don't know why, but I even enjoy the CCC talks more than some of the Las Vegas conferences... But why is this talk in English? Obviously you can reach way more people by talking in English, and I'm really happy talks in other languages are part of the CCC conferences and that some angels translate the talks... But why are some talks by Germans at a German conference originally held in English? My 7-year-old son sometimes watches the talks together with me, and the reason he enjoys CCC more than Black Hat or DEF CON is the German language.
@FunctionGermany 4 months ago
I guess because certain topics like this one are likely interesting to audiences with other languages. In one graph you can see that while this ransomware is one of the most used in Germany, it is also used a lot in other countries. Part of the mission of this talk is to spread the message about this decryptor being available as well as educating about preventative measures, and using English helps in this case.
@StuartWoodwardJP 4 months ago
At a conference like the CCC a huge part of the event is actually being there, and the presenters only get one chance a year on the main stage to present their work. Presentations go on from 8AM to midnight in some conferences, and if they had an additional day or extra stages the schedule would still be full of people wanting to present. However, increasing the number of stages dilutes the attendance and creates logistical problems, and increasing the length of the conference reduces the quality. So at a certain point a line is drawn and the results are what we see. Even if a presenter wanted to present in multiple languages there isn't the time or opportunity. However, I would suggest that if you find an interesting talk that you would like to hear in German, then contact the speaker; they may already have given the talk locally, or might do so as a result of your request. They might even record it for you.
@deanvangreunen6457 4 months ago
Talk starts at 12:00
@aaronr.9644 4 months ago
If we know their bitcoin addresses, wouldn't it be possible to blacklist them such that miners would not add these transactions to new blocks? Gone are the days of people mining at home. Mining has become big business requiring large investments. I assume it is much easier to reach the miners than the criminals. Wouldn't it be worthwhile to try and blacklist these addresses?
@loeffel999 4 months ago
Nothing stops them from creating new BC wallets all the time.
@user-tr9rk1ni1i 4 months ago
Imagine they would use the key for every file for performance reasons. That would be lolz. Anyways huge thumbs for this effort. If any client is virtualized you can recover almost everything. Wow.
@trungkiennguyen7655 4 months ago
Interesting, the malware is using best practice according to payment practices (separate Cipher Object for each chunk). Definitely could have been made faster, and even harder for researchers to analyze, if they used the same cipher for all chunks (state-based). The author must have experience working in payment services (e.g. a bank).
@4crafters597 4 months ago
This means they restart the encryption in code per block? Or am I misunderstanding?
@frogz 4 months ago
somewhere somebody in a foreign language: RATS, NOW HOW AM I SUPPOSED TO MAKE MONEY? thank you whoever reverse engineers things, especially for the betterment of fellow humans
@DavidCosta85 4 months ago
can't we just remove the formula from the encrypted file checking for patterns and approximations in files in different computers
@zxcvb_bvcxz 4 months ago
no
@kveonlichman2917 4 months ago
what is blud yapping about
@KaneYork 4 months ago
why are you trying to help the bad people
@DavidCosta85 4 months ago
Another idea. This is fun. What about recovering and cracking encrypted files: get the original file and then mine it and encrypt it again with another algorithm?
@zxcvb_bvcxz 4 months ago
did ChatGPT write this?