You know, this kind of thing is going to become more and more prevalent. I'd strongly urge people to image their hard drives on a regular basis. There is even a FREE great product called Macrium Reflect (http://www.macrium.com/ReflectFree.asp) that will do the trick for you on a scheduled basis. I personally have used Acronis TI for years but now there are so many bugs with it that I have divorced her for Macrium. Seems to do the job and is much faster than TI. It is brutal that ransomware is going to be taking fools by storm but hopefully you can restore an image on an encrypted drive...I suppose before I spout off I should find that out eh? Oh well, back up your machine anyhow...just do it! It will save your butt someday.
"Is it so expensive to buy it once and then reverse engineer a free tool?"

Wrong assumption... I'm not familiar with the details but they most likely used asymmetric encryption, and encryption/decryption that works using a well-known algorithm. You really need the second key.

It's amazing that with all their special powers, the law enforcement agencies of the world are incapable of tracking down where the money goes.
Unless the virus author is very incompetent, the encryption key will be different for each system (probably based on things like hard drive serial number, Windows key, user name, etc.). Simply buying it once won't let people figure out how the key is generated. 

It's probably not very hard to track down the payments, though. 

I doubt this kind of virus will be very successful, anyway. Anyone with "valuable enough" files to pay a large ransom (i.e., companies) is likely to have regular backups. 

And I wonder if the original files can't simply be undeleted...
Kedas: That would work if the black hats were really, really stupid. But if they encrypt your HD with a unique key then all they sell you is the unique decryption key for your system.

RogerP is right. Follow the money. Of course, the FBI has more important things to do. Like collecting data on *everyone*.

This is no different than a HD crash. Just reload your backups and go.

You *do* have backups, Right???
"The latest version encrypts all .bak, .doc, .jpg and .pdf "

Hmm, so mp3, avi, mpeg, ogg, divx, exe, sys, com, dll, ini, dat, etc are all fine?

WTF cares? Back up your text and pics, problem solved. Next please.
I like RogerP's idea. It's much more fun to hunt them down and oh say, encrypt their hands with a hammer (makes coding difficult). BTW I just happen to have a hammer!
I'm assuming then it 'securely' deletes the files? Easiest thing would be to just recover the files. http://www.pcinspector.de 

Also, wouldn't the bot herder just update the key and set them back a year? (you've been infected with key #192012, please send virgins) I mean if we give Kaspersky the ability to easily crack "good keys" isn't THAT also a problem? Besides, Kaspersky are security specialists, can't they run this trojan on a box and copy the virus from memory if they need a copy of the virus? Or run Ethereal for f...s sake? I agree, follow the money. Imagine this on a massive scale.... spooky. Hell it could encrypt your whole HDD in the background... then flash your BIOS wrong if you don't pay within 30 days.... maybe it really is time to do all network related stuff from a virtual-sandboxed system.
Surely if it 'deletes the originals' you could use a cheap file recovery tool to just get them back, assuming that the trojan doesn't have some special multi-pass-wipe utility to delete the files... that would be sneaky

People who don't back their documents and photos up are just silly

and

businesses that don't are asking for something like this to happen!

Decryption key would be good but learn from the mistakes of yourself and other people!
Kedas get a grip! In real life you don't have Carter from SG-1 reverse-engineering everything. It just doesn't happen.
And I thought everybody knew by now that only the world+Goa'uld use poor encryption...
Wouldn't it be easier to follow the money trail and then fry their gonads at Guantanamo or some other "secret" torture place until they divulge the answer?
Maybe the US military could lend them Roadrunner for a weekend or two...?
Buy the key
Reverse engineer a tool
Get sued by malware writer under DMCA (US only, I know, but still possible)
Can't they just undelete?

:)
http://arstechnica.com/news.ars/post/20070523-researchers-307-digit-key-crack-endangers-1024-bit-rsa.html
Haven't they ever heard of distributed computing?

Crack that sucker and we'll do the first comment too.
Is it so expensive to buy it once and then reverse engineer a free tool?