Ransomware : kidnapping of data

I came across this term "RANSOMWARE" recently, and sort of liked the concept.. :)

Following is taken from a web post :

Ransomware is a type of malware used for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key. A ransomware program can be installed from an e-mail attachment, an infected program, or a compromised or malicious Web site. Data kidnapping is not new, but has in the past usually targeted businesses rather than individuals. Malware used for this purpose is sometimes called a cryptovirus, cryptotrojan or cryptoworm.

In March 2006, ransomware known as Crypzip or Zippo circulated to private users on the Internet. Recipients of the Trojan horse program also received an e-mail demanding $300, to be paid by electronic transfer, for the key required to unlock all their files. Security firm LURHQ, who discovered the exploit, said it was based on a similar scam conducted 15 years ago.

Ransomware is said to have originated in Russia, It and other cyberextortion methods, such as DoS extortion, are becoming more common around the world. To protect against data kidnapping -- and many other online crimes -- experts urge that users back up data regularly, practice cautious browsing and refrain from opening unexpected e-mail attachments.

And you thought kidnapping was rampant only in Bihar... :)... Probably a plot for Prakash Jha's next movie after "apaharan". Well i never thought cryptography can be put to such use as well... :)

World of cryptography : layman(alias me) view

For the last one year or so i have been working on a product dealing in cryptography : encryption/decryption, digital signatures etc. So I though my first topic should be looking at the world of cryptography thru my eyes.... :)

Cryptography : the art of writing or deciphering messages in code (webster's dictionary)

But for me, this art is so cryptic in itself, that it needs some cryptographic skills to decrypt it.

Ha ha .. I love such recursive definitions, confusing more than explaining. But then those who know me, know, that since my grad days the first solution i used to propose to any problem had to be recursive. For me add(2,3) was 1+add(2-1,3).. with suitable terminating conditions... :)

"Terminating condition"... hmm.... I forgot... my definition of cryptography doesnt have one.... so if you are stuck in an endless loop .... my fault.... :). Fortunately with these digital beings only possible terminating condition for any problem is either 0 or 1....

So here is another definition of cryptography... Its the art of converting a series of 0s and 1s to another "arbitrary" series of 0/1 such that no "intelligent" being can decipher the first series, given the second. When i say intelligent, i mean someone who tries to do it using some logic, some algorithm. Fools are fools and can always get lucky with some flukes...:). And when i say arbitrary, i forgot that computers are such dumb that they cant do anything on their own, not even thinking of a random value. So we need to supply them with some complex algorithm to find an arbitrary no known as the "key" which when applied to original series generates the second... and in the simplest of cases when applied on second generate the first.

Computers might be technological marvels, they resemble women for once (forgive my chauvinism). They "too" are gossipmongers. I ask one to whisper the key to my friends computer, and it broadcasts it to the network instead. So i need to feed in another algorithm that generates two keys instead of one, giving rise to the public private key algorithms.... :)

Not that easy... right... !!!

Fortunately, as one computer scientist once said, 95% of what is to be done has already been done. All these algorithms have been developed and their implementations are easily available (some even free, though the reputed ones are quite costly). You just need to understand them to tweak them to suit your needs... :)

I love this topic and if anyone wants any help on any topic in cryptanalysis, feel free to contact me... (I might charge you later... :)

Technical garbage

I intend to use this page to post some technical trash