Flaw in Linux Encryption Ransomware Exposes Decryption Key

The recently uncovered file-encrypting ransomware Linux.Encoder1 is plagued by a flaw that can be used to recover the files held for ransom by the threat.

Russian antivirus company Doctor Web reported last week that the Linux ransomware appears to be mainly targeted at website administrators whose computers store web server software. The threat encrypts files found in the root and home folders, and files in directories used to store web servers, websites, backups, and source code.

The malware, reportedly distributed via a vulnerability in eBay’s Magento ecommerce platform, demands the payment of one Bitcoin ($380) in exchange for the key needed to recover the files.

Linux.Encoder1 encrypts documents, applications, source code and media files using the AES-128 encryption algorithm with a key that is generated locally on the victim’s device. The AES key is then encrypted with an RSA key to ensure that the files cannot be recovered without paying the ransom.

Cracking RSA and AES encryption is nearly impossible and the RSA private key needed to decrypt the AES key is only stored on the attacker’s machine. However, researchers at Bitdefender discovered a flaw in the way the AES key is generated.

“We realized that, rather than generating secure random keys and [initialization vectors], the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file’s timestamp,” Bitdefender said. “This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan’s operator(s).”

The security firm has released a decryption tool that automatically restores files encrypted by Linux.Encoder1. A script and usage instructions are available on Bitdefender’s website.

Researchers have pointed out that cybercriminals usually pay great attention to how keys are generated. That is why Linux users are advised never to execute untrusted applications with root privileges, and perform regular backups that will allow them to recover their files in case they fall victim to ransomware.

Bitdefender also released on Monday a piece of software designed to prevent the recently launched CryptoWall 4.0 from encrypting files. Currently, there is no way of recovering Cryptowall-encrypted files without paying the ransom, which is why users are advised to add an extra layer of protection designed to block file encryption attempts.