Prometheus, a ransomware variant based on Thanos that locked up victims' computers in the summer of 2021, contained a major "vulnerability" that prompted IBM security researchers to attempt to create a one-size-fits-all ransomware decryptor that could work against numerous ransomware variants, including Prometheus, AtomSilo, LockFile, Bandana, Chaos, and PartyTicket.
Despite the fact that the IBM researchers were able to erase the work of many ransomware versions, the panacea decryptor never materialised.
According to Andy Piazza, IBM worldwide head of threat intelligence, the team's efforts indicated that while some ransomware families may be reverse-engineered to produce a decryption tool, no organisation should rely on decryption alone as a response to a ransomware assault.
“Hope is not a strategy,” Piazza said at RSA Conference 2022, held in San Francisco in person for the first time in two years.
Aaron Gdanski, who was assisted by security researcher Anne Jobman, stated he became interested in developing a Prometheus decryption tool when one of IBM Security's clients got infected with the ransomware. He started by attempting to comprehend the ransomware's behaviour: Did it persist in the environment? Did it upload any files? And, more particularly, how did it produce the keys required to encrypt files?
Gdanski discovered that Prometheus' encryption process relied on both "a hardcoded initialization vector that did not vary between samples" and the computer's uptime by using the DS-5 debugger and disassembler. Gdanski also discovered that Prometheus generated its seeds using a random number generator that defaulted to Environment.
“If I could obtain the seed at the time of encryption, I could use the same algorithm Prometheus did to regenerate the key it uses,” Gdanski stated.
Gdanski had a starting point to focus his investigation after obtaining the startup time on an afflicted system and the recorded timestamp on an encrypted file. Gdanski developed a seed from Prometheus after some further computations and tested it on sections of encrypted data.
Gdanski's efforts were rewarded with some fine-tuning.
Gdanski also discovered that the seed changed based on when a file was encrypted. That meant that a single decryption key would not work, but he was able to gradually generate a series of seeds that could be used for decryption by sorting the encrypted files by the last write time on the system.
Gdanski believes the result might be applied to other ransomware families that rely on similar flawed random number generators.
“Any time a non-cryptographically secure random number generator is used, you’re probably able to recreate a key,” Gdanski stated.
However, Gdanski stressed that this problem is unusual in his experience. As Piazza emphasised, the best protection against ransomware isn't hoping that the ransomware used in an assault is badly executed, it’s preventing a ransomware attack before it happens.
