Originally Posted by davcc22
I reckon they should sell the encryption to a bank and then they'll be set for life and more famous for a good reason
That's the thing, though: they're using a public encryption scheme. Apparently they're using a combo of RSA (2-key/public key/asymmetric crypto) and AES (single-key/symmetric crypto), both of which you use every day. Your NIC probably communicates to your wireless router with AES, and you initiate connections to HTTPS sites using RSA (that's what certificates are all about) and then AES after the connection is established.
There really isn't anything revolutionary here, other than the fact that they've used it to their own advantage.
Originally Posted by farmdve
So far, there is no way to decrypt the files without the private key, and it can only be obtained from the criminal that runs the virus AFTER YOU PAY. And if he was smart, private keys are usually really huge and impossible to brute-force, thus you have to pay or your data is gone for good.
Well... You could always try to attack them back, steal all of the keys, and then publish them to the public so that everyone can try to retrieve their stuff. That's much easier said than done, though lol
Originally Posted by anoob
I always thought surfing the internet with a Linux Live CD was fun to do because you can't infect what you can't write to. They can't write and encrypt a compact disc.
That probably helps, but will it completely protect you? If your HDD is still connected to the system, a really intelligent piece of malware may be able to mount your HDD and plant itself on your drive, even if you've booted from the live CD. That's probably not worth the devs programming in, but it's always a possibility.
By the way: brewermoe, would you happen to have a sample of the .exe of CryptoLocker? I'd like to take a look at it if I can get a copy.
Edited by The Hundred Gunner - 10/20/13 at 12:26pm