The work of Dr. Popp had one fatal weakness. He used symmetric cryptography, meaning that his encryption and decryption keys were the same and could be extracted from the Trojan itself. As a result, universal decryption tools were available soon after the infection. From the adversaries' point of view this was a failure: their goal was to make every victim unique, so that no data could be recovered until the ransom was paid.
The ransomware species had to evolve. What they needed to achieve was to attack the victim, paralyze it, and create a scenario where removal of the parasite would have worse consequences than just leaving it in place. Victims would stay trapped in this forced, symbiotic relationship until ransom was paid — and the parasite was finally released.
If the previous paragraph reminds you of a facehugger from the Alien movie franchise, you’re not far off the mark, as that was exactly the motivation for Adam L. Young and Moti Yung in 1995, when they presented the idea of building such an extortion scheme on asymmetric cryptography.
With asymmetric cryptography, the attacker generates a key pair. The public key is stored in the cryptovirus, while the private key stays with the attacker. After a computer is infected, the cryptovirus generates a new random symmetric key (the session key) and uses it to encrypt all files on the victim’s disk. Finally, this newly generated session key is locked inside an encrypted archive using the attacker’s public key, and every plaintext copy of it is removed from the victim’s machine.
After the ransom is paid, the victim sends this encrypted archive to the attacker. The attacker then uses the private key to open it, extracts the session key and sends it back. Since the session key is symmetric, the same key that was used for encryption can be used for decryption. It’s not as complicated as it sounds: the ransomware encrypts all files and then puts the key in a box that can be opened only by the attacker, leaving no traces behind.
The result? A system in which every infected machine has its own unique session key, and the files cannot be decrypted by anyone, the attacker included, without first recovering that session key. A victim who pays the ransom receives only their own session key, which is useless to any other victim; the private key is never shared with the victim. This idea, presented over 20 years ago, is now at the core of every cryptovirus.
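The scheme described above, modelled with Go's standard library as an added example (this is not code from the original article or from Young and Yung's paper): RSA-OAEP wraps a random AES-GCM session key, the plaintext key is erased, and the only artifacts left on the host are the wrapped key and the ciphertext. The function names and the "constructed sample file" input are my own assumptions; the point for a responder is that nothing recoverable from the host decrypts without the attacker's private key, and that every infection carries a different session key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// hybridSeal models the infection step: a fresh random session key encrypts the data with
// AES-GCM, is wrapped under the attacker's public key, and is zeroed. It returns exactly
// what remains on the host: the wrapped key and nonce||ciphertext, neither usable alone.
func hybridSeal(pub *rsa.PublicKey, data []byte) (wrapped, ct []byte, err error) {
	buf := make([]byte, 32+12) // 256-bit session key followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	session, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(session) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	ct = gcm.Seal(nonce, nonce, data, nil) // nonce is prefixed so the victim keeps it
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
	copy(session, make([]byte, len(session))) // the host now holds no usable key material
	return wrapped, ct, err
}

// unwrapSessionKey needs the attacker's private key; any other key fails OAEP decryption,
// which is why no universal decryptor exists for this design.
func unwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// hybridOpen is the victim's step once the session key is returned; ct is nonce||sealed data.
func hybridOpen(session, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(session)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // the attacker's key pair
	wrapped, ct, _ := hybridSeal(&priv.PublicKey, []byte("constructed sample file"))
	key, _ := unwrapSessionKey(priv, wrapped)
	pt, _ := hybridOpen(key, ct)
	fmt.Printf("recovered: %s\n", pt)
}
```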