No need to crack RSA when you can guess the key
—————————–
Update: There have been some developments regarding this ransomware. It was brought to our attention that the decryption tool was not working in particular cases. Upon investigation we were surprised to find that some victims had been infected more than once (the ransomware was accidentally started more than once on the same machine).
This means that some files were encrypted with one key and others with a different set of keys. Worse, the concurrent instances race on the same files, and some files end up irreparably damaged (their contents are truncated to zero length). In some cases even the ransom notes ended up encrypted!
We updated the decryption utility and the README. Please read it for the new instructions.
/update
File-encrypting ransomware Trojans are almost ubiquitous on Windows, and it was only a matter of time until the advent of the first piece targeting Linux. Dubbed Linux.Encoder.1, this first piece of Linux ransomware is extremely similar in behavior to CryptoWall, TorLocker and other notorious ransomware families for Windows.
How does it work?
Linux.Encoder.1 is executed on the victim’s Linux box after remote attackers leverage a flaw in the popular Magento content management system app. Once executed, the Trojan looks for the /home, /root and /var/lib/mysql folders and starts encrypting their contents. Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum. The symmetric key is then encrypted with an asymmetric encryption algorithm (RSA) and is prepended to the file, along with the initialization vector used by AES.
Once the files have been encrypted, the Trojan attempts to also encrypt the contents of the root (/), skipping only critical system files, so the operating system will be able to boot up again.
At this point, it would be safe to assume that users can’t get their data back unless they pay the operators a fee in exchange for the RSA private key to decrypt the AES symmetric one. However, a major flaw in the way the Encoder Trojan is designed allowed Bitdefender researchers to recover the AES key without having to decrypt it with the RSA private key.
A primer on encryption
Throughout 2015, most crypto-ransomware Trojans have used mixed encryption algorithms to hold valuable information hostage. To rapidly and effectively encrypt large amounts of data, crypto-ransomware Trojans rely on the Advanced Encryption Standard (AES for short) – an encryption algorithm that uses a symmetric key (the same key for both encryption and decryption). To avoid interception of the encryption key as it is sent from the command and control server, crypto-ransomware operators usually complement AES with RSA (an asymmetric key encryption algorithm). RSA generates a pair of complementary public-private keys – the public key is used for encryption and the private one for decryption. These keys are usually generated on the hackers’ server and only the public key gets sent to the victim PC. Since RSA is less resource-effective on big chunks of data, the public key is only used to encrypt a small, yet critical, piece of information: the encryption key used by the AES algorithm that is generated locally. The RSA-encrypted AES key is then prepended to the beginning of every encrypted file, along with the original file permissions and an initialization vector (IV) used by the AES algorithm.
The million-dollar flaw
We mentioned that the AES key is generated locally on the victim’s computer. We looked into the way the key and initialization vector are generated by reverse-engineering the Linux.Encoder.1 sample in our lab. We found that, rather than generating secure random keys and IVs, the sample derives both from the libc rand() function seeded with the current system timestamp at the moment of encryption. That timestamp is easy to recover: it lies just before the modification time of the encrypted file, so a short search backwards from the file’s mtime finds it. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA private key sold by the Trojan’s operator(s).
Automated decryption tool now available
Bitdefender is the first security vendor to release a decryption tool that automatically restores affected files to their original state. The tool determines the IV and the encryption key simply by analyzing the file, then performs the decryption, followed by permission fixing. If you can boot your compromised operating system, download the script and run it under the root user.
Here is a step-by-step walkthrough to get your data back:
– Download the script from the Bitdefender Labs repository [link updated to include the fix for the recent evolution of the ransomware]. It needs Python 2.7 and the pycrypto module (Crypto.Cipher). Chances are that the encryption also affected the system itself, so you may need to boot from a live CD or mount the affected partition on a different machine.
– Mount the encrypted partition: mount /dev/[encrypted_partition] /mnt
– Generate a list of the encrypted files, ordered by modification time: /mnt# sort_files.sh encrypted_partition > sorted_list
– Take the first (oldest) file from the list: /mnt# head -1 sorted_list
– Run the decryption utility on that file to recover the encryption seed: /mnt# python decrypter.py -f [first_file]
– Decrypt everything using the displayed seed: /mnt# python decrypter.py -s [timestamp] -l sorted_list
The updated tool (see the README) also expects, via the -e option, a list in which it records the files it could not decrypt, so that files encrypted with a different seed by a second run of the ransomware can be handled separately. Do not copy the encrypted files elsewhere before running the tool: the seed search relies on their original modification times.
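To make the flaw and the recovery concrete, here is an added example written for this page. It is not Bitdefender’s decrypter and not the Trojan’s code, and it is in Go rather than the tool’s Python so that AES and RSA come from the standard library. It models the hybrid scheme from the primer above with an assumed header layout (permission bits, IV, RSA-wrapped AES key, then the AES-CTR ciphertext; the real byte layout is not documented on this page), stands in a small LCG for libc rand() (the sample’s actual generator is not reproduced), and then does what steps 4 and 5 above do: walk back from the file’s mtime until a seed reproduces the IV in the header, and decrypt with the re-derived key without ever touching the RSA-wrapped copy. The operators’ key pair is generated locally and its private half thrown away, to make the point that it is never needed. The seed value and the sample plaintext are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// weakRand stands in for libc rand(): an LCG fully determined by its 32-bit seed (constructed, not the sample's real PRNG).
type weakRand struct{ state uint32 }
func (w *weakRand) next() byte {
	w.state = w.state*1103515245 + 12345
	return byte(w.state >> 16)
}

// deriveKeyIV is the design flaw: AES key and IV are just the first 32 PRNG bytes after seeding with the encryption-time timestamp.
func deriveKeyIV(seed uint32) (key, iv []byte) {
	r, buf := &weakRand{state: seed}, make([]byte, 32)
	for i := range buf {
		buf[i] = r.next()
	}
	return buf[:16], buf[16:]
}

// Assumed layout (not documented on this page): mode(4,LE) | iv(16) | wrappedLen(4,LE) | RSA-OAEP(aesKey) | AES-128-CTR(data)
const hdrLen = 4 + 16 + 4

// operatorPub plays the operators' server: only the public key reaches the victim; the private half is discarded on purpose.
var operatorPub = func() *rsa.PublicKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &priv.PublicKey
}()

// encryptFile is the Trojan side: RSA-wrap the AES key and store it after the IV and the original permission bits (CTR: no padding).
func encryptFile(mode, timestamp uint32, plaintext []byte) ([]byte, error) {
	key, iv := deriveKeyIV(timestamp)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, operatorPub, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // 16-byte key: cannot fail
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	out := binary.LittleEndian.AppendUint32(nil, mode)
	out = append(out, iv...)
	out = binary.LittleEndian.AppendUint32(out, uint32(len(wrapped)))
	return append(append(out, wrapped...), ct...), nil
}

// findSeed is the recovery side (step 4): mtime was set moments after seeding, so walk back from it until a seed reproduces the header IV.
func findSeed(blob []byte, mtime, window uint32) (uint32, bool) {
	if len(blob) < hdrLen {
		return 0, false // truncated file: no IV left to match against
	}
	for back := uint32(0); back <= window; back++ {
		if _, iv := deriveKeyIV(mtime - back); bytes.Equal(iv, blob[4:20]) {
			return mtime - back, true
		}
	}
	return 0, false
}

// decryptWithSeed (step 5) re-derives key and IV from the seed, skips the RSA-wrapped key (never needed) and returns mode bits + plaintext.
func decryptWithSeed(blob []byte, seed uint32) (uint32, []byte, error) {
	if len(blob) < hdrLen {
		return 0, nil, errors.New("file too short, probably truncated")
	}
	wrappedLen := int(binary.LittleEndian.Uint32(blob[20:24]))
	if len(blob) < hdrLen+wrappedLen {
		return 0, nil, errors.New("wrapped key runs past end of file")
	}
	key, iv := deriveKeyIV(seed)
	if !bytes.Equal(iv, blob[4:20]) {
		return 0, nil, errors.New("IV not found for this seed")
	}
	block, _ := aes.NewCipher(key)
	pt := make([]byte, len(blob)-hdrLen-wrappedLen)
	cipher.NewCTR(block, iv).XORKeyStream(pt, blob[hdrLen+wrappedLen:])
	return binary.LittleEndian.Uint32(blob[:4]), pt, nil
}

func main() {
	blob, err := encryptFile(0o644, 1446655006, []byte("constructed sample file contents")) // 1446655006: constructed time() seed
	if err != nil {
		panic(err)
	}
	found, ok := findSeed(blob, 1446655006+2, 3600) // mtime landed a couple of seconds after seeding
	mode, pt, err := decryptWithSeed(blob, found)
	fmt.Printf("seed=%d found=%v mode=%o plaintext=%q err=%v\n", found, ok, mode, pt, err)
}
```

Run it with go run; it prints the recovered seed, the original mode bits and the plaintext. The IV stored in clear doubles as the check that a candidate seed is right, which is why a wrong seed is rejected rather than producing garbage, and a file truncated below the header size or cut inside the wrapped key is refused instead of crashing the run (the zero-length files mentioned in the update above). The 3600-second window is a constructed choice; the window only has to cover the delay between seeding and the file’s last write.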
Given the complexity of the task, we provide free support to any user in need of assistance. Just drop us a line via the comment form below and we’ll do our best to help you.
Today’s Takeaway
If your machine has been compromised, consider this a close shave. Most crypto-ransomware operators pay great attention to the way keys are generated, to ensure your data stays encrypted until you pay. Mistakes such as the one described above are extremely fortunate, but also extremely rare. Next time, consider a few precautions:
– Never run applications that you don’t completely trust as the root user. This is a great security risk that will likely compromise your machine or the integrity of the data on it;
– Back up early, back up often. If your computer falls victim to ransomware, it is far better to restore the affected files from an earlier backup than to pay the decryption fee. Remember that easy money is the primary driver for crypto-ransomware operators to build these Trojans and perfect them over time. The less profit they make, the lower their interest in developing crypto-ransomware;
– If your Linux device is on an organization’s network, you might want to add a security solution such as Bitdefender Gravity Zone. An antimalware solution blocks this type of threat before it manages to irreversibly encrypt files;
– Update your web applications as often as possible. This includes installations of WordPress, Magento or other third-party CMS apps that can be leveraged for remote code execution.
Decryption utility was available courtesy of Bitdefender cryptography specialist Radu Caragea. We would like to extend our thanks to Bitdefender antimalware researchers Codrut Marinescu, Razvan Benchea, Cristina Vatamanu and Alexandru Maximciuc.
[…] “We realized that, rather than generating secure random keys and IVs, the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file’s timestamp. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan’s operator(s),” the company explained in a recent post. […]
[…] Update: 6:09 p.m. ET: Bitdefender has published a blog post stating that the ransomware that is the subject of this post contains a flaw that let the company decrypt files that were encrypted by this malware. See their post here. […]
I have CentOS 5.8 and I was hit by ransomware. I am a newbie, please help me to resolve this issue.
When running the decrypter I’m getting an error.
python decrypter.py -f /home/admin/.bash_logout.encrypted
File "decrypter.py", line 43
    with open(filepath, 'rb') as f:
                              ^
SyntaxError: invalid syntax
[…] security firm has released a decryption tool that automatically restores files encrypted by Linux.Encoder1. A script and usage instructions are […]
Tim, you seem to be using an older version of Python that does not have the “with” statement. The script was made for Python 2.7
very nice find. bitdefender 1 – 0 hackers
[…] download the script and run it under the root user,” the Bitdefender researchers said in a blog post that also contains detailed instructions on how to use the […]
ok, that did the trick. Thanks 🙂
Copied the encrypted files to a box with Python 2.7; first got the seed from the old box.
[…] flaw allowed the experts at Bitdefender to develop a decryption tool that automatically recovers files encrypted by the Linux.Encoder1. The company also provided a […]
[…] “Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum,” BitDefender explained. […]
hackers hack (either white/black hat). Malware writers write malware. Crackers crack software and code serials. Let’s start naming things properly, please.
Good work, I’ll probably change the ToyOS(Win) home computers to Bitdefender.
Hey, people have to play too 🙂
[…] to make sure the victim pays the ransom. However, the experts at Bitdefender have found a way to recover the AES key without being in possession of the RSA key. Apparently the […]
[…] Google-fu. It seems the encryption key used is predictable, and recovery isn’t all that difficult, just […]
[…] The toolkit provided by Bitdefender finds the encryption key by analyzing the file and carries out the decryption, followed by repairing it. If the operating system compromised by the attack starts to boot, download and run the script from here. […]
Hi! About half of the encrypted files get decrypted just fine, but for the other half I get “IV not found for…” messages. What could be the possible cause of such behaviour?
And when I generate the encrypted file list (which is huge in our case), can I pick a block of files (a particular project) from the middle of that list and run the script on that particular block only? Does it work this way?
[…] http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/ […]
One more comment. When I run the decrypter.py script on the full sorted file list it stops after some 10 minutes with the following messages:
Traceback (most recent call last):
  File "decrypter.py", line 139, in <module>
    sys.exit(main(**vars(options)))
  File "decrypter.py", line 115, in main
    decrypt_files(seed, filelist)
  File "decrypter.py", line 100, in decrypt_files
    decrypt_file(d, filepath)
  File "decrypter.py", line 61, in decrypt_file
    old_mode = struct.unpack("<I", f.read(4))[0]
struct.error: unpack requires a string argument of length 4
Smart approach and doing the public a service, hats off!
[…] Bitdefender found a flaw in the key generation: by reverse engineering the ransomware, the technicians discovered that the pseudo-random generator used is initialized with the timestamp of the moment the encryption is performed, information that is easily recoverable by looking at the timestamp of the encrypted file. A program that decrypts the locked files is therefore available. As in other cases, this program works with the current version of Linux.Encoder.1; now that you know the encryption program is flawed, the malware authors have found out too, and it is reasonable to assume that they are already modifying the software. […]
Jan, it’s hard to say without further information. A few questions:
– Can you pinpoint the exact file that the decryption doesn’t work anymore (IV not found message)? Can you check the files before and after it (in the sorted list) and see if there is any noticeable discrepancy in their timestamps?
– Exactly how many files are in total? How many are decrypted ok and how many not at all?
– Can you try changing line 92 in decrypter.py from “range(count * 2)” to something bigger such as 4 or 6 ? (“range(count * 6)”). Let’s see how that goes first.
[…] Files are encrypted with a symmetric key in AES-CBC-128 mode, and a README_FOR_DECRYPT.txt file is placed in every attacked folder. The symmetric keys used for the encryption are protected with an asymmetric RSA key. Fortunately, the encryption process, and specifically the generation of the AES keys, was fatally botched by the author, thanks to which the original files can be recovered. […]
How does it get to root? how does it get to home?
Do I download a program and then run the program as root? Is it another one of these selling sand to Arabs? You understand anti-malware trying to sell anti-malware to everybody and anybody. Some people are just far too greedy for their own good.
[…] the RSA key, which allows the AES symmetric keys to be decrypted. However, as it turned out after analyzing (reverse-engineering) how the program itself works, it is not […]
[…] "We realized that, rather than generating secure random keys and IVs [initialization vectors], the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption," explain the researchers in a blog post. […]
[…] to receive the hot news that this morning the company Bitdefender released a tool that decrypts the files generated by Linux.Encoder.1, good news, isn’t it […]
Great job, it works very well. But it leaks memory when it comes to processing a lot of files in sorted_list.
A temporary solution is adding swap to the server and modifying the decrypt_file function in decrypter.py as follows:
with open(decrypted_path, 'wb') as f:
    f.write(decrypted_content)
del f
del decrypted_content
One of my test servers got hit with this last week. I just tried this solution on a backup of the VM and can confirm that it works. Details of the attack are available here: http://daviddeppner.com/blog/magento-ransomware
[…] who were infected with the newest ransomware for Linux are lucky, because there is now a free tool that can decrypt their files […]
[…] have one, you’re lucky the hackers used a predictable encryption key. Bitdefender released a script to help you decrypt your encrypted files and folders. Since fixing this issue is rather complex, […]
[…] to top it off, another security firm, BitDefender, has had a look at the matter and, from what they report, it would not be a ransomware quite so […]
[…] of random names and letters. Luckily, Bitdefender studied the threat and discovered a flaw in the malware that allows the files to be decrypted after a […]
[…] the Bitdefender lab analyzed the recently announced ransomware malware […]
Radu, your suggestion to change line 92 as written above did not help. Instead I found out that the reason for your script to stop with “struct.error: unpack requires a string argument of length 4” is that the encrypted file is for some reason shorter than what decrypt_file(d, path) is trying to read from it. So basically the script stopped when it ran into a zero-length encrypted file. I solved this one by adding a file size check as follows:
# needs `import os` at the top of decrypter.py (already there for os.path.getmtime)
with open(path, 'rb') as f:
    f.seek(0, os.SEEK_END)
    size = f.tell()
    f.seek(0, os.SEEK_SET)
    if size < 25:
        # header alone is longer than this: nothing to decrypt
        print 'File is too short, skipped... %s' % path
        return
I thought that 25 is good enough 🙂
But I’m still struggling with the “IV not found for…” files.
Jan, I’ll drop you a mail shortly to discuss things in more detail.
[…] researchers say in a blog post that if you can boot the OS and run the tool as root, you can undo the hostage-taking […]
I am also curious how it gets root access. Or does it just attempt to encrypt things and only succeeds if magento runs as root or your permissions are broken? Or does it actually have some privilege escalation mechanism?
Same to Jan’s problem. A lot of files with “IV not found for…”
Jan, Aidus. We have identified the problem and we’re working on a fix.
[…] Update – attackers botch private key! – see here for way out solution found […]
[…] The dangerous software was first identified last week and mainly targets the workstations of system administrators in companies. The virus named Linux.Encoder.1, the first ransomware targeting the Linux operating system, behaves similarly to CryptoWall, TorLocker and other families operating on Windows. The toolkit provided by Bitdefender finds the encryption key by analyzing the file and carries out the decryption, followed by repairing it. If the operating system compromised by the attack starts to boot, download and run the script from here. […]
We have updated the article and the tool to work properly when the ransomware starts more than once on the same machine.
Hi, I followed all the steps, but when I try the “Find the seed” step, I get this error:
Traceback (most recent call last):
  File "./decrypter.py", line 142, in <module>
    sys.exit(main(**vars(options)))
  File "./decrypter.py", line 112, in main
    seed = find_seed(filename)
  File "./decrypter.py", line 49, in find_seed
    key = f.read(key_sz)
OverflowError: Python int too large to convert to C long
Can you help me? Why does this occur?
[…] Linux Ransomware Debut Fails on Predictable Encryption Key … […]
Coder, what is the exact command you are running? (And can you please redownload and use the updated version of the decrypter archive?)
[…] As explained by Bitdefender, Linux.Encoder.1 uses the date and time of the machine to generate its private key instead of a true random number generator. The timestamp of the infection is easy to obtain, since it is sufficient to retrieve the creation date of the readme files deposited by the malware for the user’s attention: Bitdefender proposes a script for infected users who wish to avoid paying the ransom and recover all of their data. […]
[…] the “good” news is that Bitdefender, after reverse-engineering the specimen, has found that the AES key is […]
[…] Details for performing the decryption are available on the company’s website. […]
[…] The tool determines the initialization vectors and the encryption key simply by analyzing the file, then carries out the decryption and repairs the permissions. If the user can boot the compromised operating system, they are invited to download the script and run it as the root user. To download the script and see step by step how to restore your data, go to the Bitdefender Labs site. […]
Hello ! In my case the things are a bit different.
The attack was made through an abandoned Magento install.
BUT – they encrypted ONLY the /var/www folder
and only the apache owned files. The files owned by root were not encrypted.
How should I know if this decrypter applies for me?
I cannot find the /tmp/new/decrypter.py path
I tried to run like this:
# python decrypter.py -s 1446655061 -l sorted_list
[!] The seed, filelist, and errorfilelist are all required
[…] the first attempt, however, failed. The ransomware did not use random keys for the encryption, but used other […]
[…] the design of the malware, which makes the decryption key predictable. They have therefore released a small tool that will let you recover your files without having to […]
Hi, I tried with the new version, but I get the same error. My steps were the following:
root@kali:~/Escritorio# bash decrypter/sort_files.sh > sorted_list
root@kali:~/Escritorio# head -1 sorted_list
1446655006.0000000000 ./decrypter/pdf.encrypted
root@kali:~/Escritorio# python decrypter/decrypter.py -f ./decrypter/pdf.encrypted
Traceback (most recent call last):
  File "decrypter/decrypter.py", line 182, in <module>
    sys.exit(main(**vars(options)))
  File "decrypter/decrypter.py", line 150, in main
    seed = find_seed(filename)
  File "decrypter/decrypter.py", line 65, in find_seed
    iv_file, _ = parse_header(filepath)
  File "decrypter/decrypter.py", line 49, in parse_header
    key = f.read(key_sz)
OverflowError: Python int too large to convert to C long
Am I doing something wrong?
Maybe, for the next reply, I can use the return key to be a little more readable. Sorry for that.
The latest script, which I downloaded some half an hour ago (Decrypter_0-1.3), is unable to get the seed from the first file of my sorted_list; it does not do anything at all. I have to stop the script with Ctrl-C. However, the older version 0.2 of the decrypter.py script provides the correct seed from the same file with the -f option instantly.
[…] the security company has created and published a small script (completely free) that automates practically the whole process of generating and recovering […]
Jan, you need to leave it longer as it now accounts for the multiple seed case. I gave you more details in the mail yesterday but you haven’t responded
Coder, I dropped you a mail for further info. Please check your inbox
Alin, please read the README, you have step by step instructions there. (in your case you are missing the -e parameter from step 5)
Hi Radu ! Can you please help me with some tips on how to solve in my case?
sorry ! I just read your message above
decrypter 1.3 hangs and does nothing for files that 1.2 worked fine on. Deb 7, python 2.7. Sits on a read in strace and never completes.
I can’t get the “seed” with both versions either.
First 3 files from step 3:
# ls -l ./files/*
-rw-rw-rw- 1 nik nik   2329 Aug 25 04:17 ./files/dhcp-mikrotik-static.sh.encrypted
-rw-rw-rw- 1 nik nik  36211 Aug 25 04:17 ./files/forumdisplay.php.encrypted
-rw-rw-rw- 1 nik nik 295618 Aug 25 04:17 ./files/fsbackup-1.2pl2.tar.gz.encrypted
Step 4:
# python decrypter_v2.py -f ./files/dhcp-mikrotik-static.sh.encrypted
Traceback (most recent call last):
  File "decrypter_v2.py", line 182, in <module>
    sys.exit(main(**vars(options)))
  File "decrypter_v2.py", line 150, in main
    seed = find_seed(filename)
  File "decrypter_v2.py", line 65, in find_seed
    iv_file, _ = parse_header(filepath)
  File "decrypter_v2.py", line 49, in parse_header
    key = f.read(key_sz)
OverflowError: Python int too large to convert to C long
# python decrypter_v2.py -f ./files/forumdisplay.php.encrypted
Traceback (most recent call last):
  File "decrypter_v2.py", line 182, in <module>
    sys.exit(main(**vars(options)))
  File "decrypter_v2.py", line 150, in main
    seed = find_seed(filename)
  File "decrypter_v2.py", line 65, in find_seed
    iv_file, _ = parse_header(filepath)
  File "decrypter_v2.py", line 49, in parse_header
    key = f.read(key_sz)
OverflowError: Python int too large to convert to C long
# python decrypter_v2.py -f ./files/fsbackup-1.2pl2.tar.gz.encrypted
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
Hi Radu
Trying to locate second seed in first file from error.list. Seems like script hangs.
The new version accounts for multiple infections and because of this takes significantly longer when finding the seed. It does not hang, please let it finish what it is doing.
Also, please note that this decrypter ONLY works for Linux.Encoder.1. Trying files encrypted with something else will not work. (For example, someone sent me a file encrypted with TeslaCrypt; won’t work)
Hi Radu.
How can I detect files encrypted with Linux.Encoder.1?
Radu, I have decoded about 70% of the files. The other 30% were encoded at the same time, so I think it is Linux.Encoder.1 too, just maybe with another seed. But the script (finding the seed in the first file) has been working for more than 1 hour. Is that normal? The size of the file is 5832 bytes.
Aidus, I sent you a mail for further info
[…] Linux Ransomware Debut Fails on Predictable Encryption Key […]
IT WORKED !!!!!!
[…] “We looked into the way the (AES) key and initialisation vector are generated by reverse-engineering the Linux.Encoder.1 sample in our lab,” crypto geek Radu Caragea says. […]
Radu, sorry, don’t see email from you.
Same here… it seems that step 4 isn’t working at all… It says Timestamp not found or it hangs for hours… is there a solution?
In most cases I can use the number that is displayed before the file in step 3 (the digits up to the dot) as the seed, but sometimes it doesn’t work and then I have to use step 4, and that won’t work =/
Upon executing decrypter.py I get this error message:
ImportError: No module named Crypto.Cipher I am running python 2.7.7 and I have python-dev package installed. Any ideas?
[…] to encounter this, but the Bitdefender team has come up with a better solution http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/ .. this is what the Bitdefender site talks […]
[…] Bitdefender has released a script free of charge, with usage instructions, to decrypt the data. […]
Sorry, but I don’t understand the step-by-step walkthrough. I am on AWS and my Magento files are encrypted; I can’t mount another instance. What do I really have to do? Sorry for my ignorance, it is very limited, and I have no help from outside. Thanks in advance for the help.
[…] http://labs.bitdefender.com/2015/11/…ncryption-key/ Is Untangle.com still on magento? Also, this attack is really poorly implemented but it can still wreak some havoc. […]
Sysadm, Don’t know which Linux distro you have, but on Debian and alike systems it means just “apt-get install python-crypto” or something similar.
Also, I’m happy to report that I managed to decrypt all our files with the help of this particular script made by Bitdefender team. Thank You, it works.
My files say .gpg instead of .encrypted. Changing the script to look for gpg I get the first file to have been encrypted. Running the decrypter I only get memoryerror on line 49 (key = f.read(key_sz)
Ubuntu 14.04 – already installed python-crypto, pip freeze shows pycrypto==2.6.1
I have only backup a part of encrypted files before reinstall the server. There is no way to decrypt only files I still have?
My backup file in cPanel is infected. Can I download the backup and use your tool on a local machine? I’m not familiar with Python or Linux.
[…] Bitdefender Labs has published a decryption tool for this, it won’t necessarily work in all […]
[…] Thanks to the work of Bitdefender LABS, the decoding tool that automatically restores the affected files is available. Important […]
SysAdm, you have a system configuration problem most likely. So sorry, I can’t help you with that.
Gera, you need the original filesystem (with the original timestamps) to be able to decrypt files
[…] FAIL! A Linux ransomware is on the loose! but its developers use rand(time()) as the PRNG […]
[…] slip has allowed security firm BitDefender to release a free tool to unlock the encrypted files without having to resort to payment to criminals. Dr Web also offers […]
Hi, I am running into the following error while decrypting:
Traceback (most recent call last):
  File "./decrypter.py", line 182, in <module>
    sys.exit(main(**vars(options)))
  File "./decrypter.py", line 156, in main
    decrypt_files(seed, filelist, errorfilelist)
  File "./decrypter.py", line 127, in decrypt_files
    if decrypt_file(d, filepath):
  File "./decrypter.py", line 98, in decrypt_file
    with open(decrypted_path, 'wb') as f:
IOError: [Errno 13] Permission denied: '/srv/www/magento_3e/peler/phpmailer.zip'
so there is a file wich the decrypter can not access – what solution do you suggest?
Many thanks
Bertil, you do not have permissions for that directory. It says that it can’t create a new file with that path in order to write the decrypted content inside. Fix the permissions or run as a privileged user.
I wanted to thank you for creating this wonderful tool. I managed to run it on my server with the help of Sucuri team. Thanks again!
Javad, good to know you got your files back!
Is pycrypto required to run the script?
Hi, my problem is that I don’t have the first encrypted file/timestamp anymore. So I am trying to go backwards in the file-changed time from an encrypted file I still have by changing
ts = int(os.path.getmtime(filepath))
to
ts = int(os.path.getmtime(filepath)) - 3600 * x
I am really no expert in Python, so I would like to ask you if I understood the script right and if this will work. Thanks for your time and effort.
Jeli, you first need to find the timestamp (seed).
If this file was encrypted among the first 10000 files within 3600 seconds of modification time it should find the timestamp. That is what the "find_seed" function does. So if you think that the file you require is among the first 10000 encrypted then you can try the step to find the seed on it. (You can add a print for the "i" variable at line 71 to see the search progress.)
But if you copied the file from somewhere else it will not work (the modification time changes).
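As an added illustration of the seed search described in the reply above (this is not the Bitdefender decrypter's code): the block below reimplements glibc's rand() generator, derives a toy key and IV from a time-valued seed, and walks backwards through a 3600-second window from a file's modification time until the IV stored in the file header is reproduced. The key/IV derivation (one low byte per rand() call) is an assumption made for the demo; the comments on this page do not describe the ransomware's real derivation, only that the seed is the time and the search window is 3600 seconds.

```python
# glibc rand()/random() (TYPE_3 additive feedback generator), reimplemented from
# glibc's random_r.c in the linear form described by Peter Selinger. Only seeds
# in 1..2^31-1 are handled, which covers time_t seeds until 2038.
def glibc_rand(seed, count):
    """Return the first `count` values rand() yields after srand(seed)."""
    seed &= 0xffffffff
    if seed == 0:
        seed = 1                      # glibc substitutes 1 for a zero seed
    r = [0] * 344
    r[0] = seed
    for i in range(1, 31):            # Park-Miller LCG fills the 31-word state
        r[i] = (16807 * r[i - 1]) % 2147483647
    for i in range(31, 34):           # the first three words are reused as-is
        r[i] = r[i - 31]
    for i in range(34, 344):          # srandom discards 310 outputs
        r[i] = (r[i - 31] + r[i - 3]) & 0xffffffff
    out = []
    for i in range(344, 344 + count):
        r.append((r[i - 31] + r[i - 3]) & 0xffffffff)
        out.append(r[i] >> 1)         # rand() returns the top 31 bits of the word
    return out


def derive_key_iv(seed):
    """CONSTRUCTED toy derivation (an assumption, not the ransomware's real one):
    16 key bytes followed by 16 IV bytes, one low byte per rand() call."""
    stream = glibc_rand(seed, 32)
    raw = bytes(v & 0xff for v in stream)
    return raw[:16], raw[16:]


def find_seed(iv_from_header, mtime, window=3600):
    """Walk backwards from the file's mtime, as the decrypter's find_seed does:
    the seed is the time at encryption, so it lies at or before the mtime.
    Returns the seed, or None (the "Seed not found! Timestamps corrupt?" case)."""
    for seed in range(mtime, mtime - window - 1, -1):
        _, iv = derive_key_iv(seed)
        if iv == iv_from_header:
            return seed
    return None


if __name__ == "__main__":
    # Constructed scenario: the seed is a timestamp, the IV lands in the file
    # header, and the file's mtime is written a few seconds later.
    encryption_time = 1446654500
    key, iv = derive_key_iv(encryption_time)
    recovered = find_seed(iv, encryption_time + 20)
    print("recovered seed:", recovered)
    print("key reproduced:", derive_key_iv(recovered)[0] == key)
    # A file whose mtime was touched later than the window yields None.
    print("mtime far from seed:", find_seed(iv, encryption_time + 5000))
```

The search cost is one generator warm-up (344 words) per candidate seed, so a 3600-second window is cheap; the real decrypter additionally has to parse the file header and account for the many files encrypted per second, which is why the first encrypted file in the sorted list is the one to try.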
[…] Update: 6:09 p.m. ET: Bitdefender has published a blog post stating that the ransomware that is the subject of this post contains a flaw that let the company decrypt files that were encrypted by this malware. See their post here. […]
[…] Which means it is easy for security companies to find it and unlock the files again. Bitdefender has already released a free script that does it for you. Mac OS X has also got its first […]
[…] Bitdefender and Dr. Web have developed such tools, but Dr. Web’s service is only available to the company’s […]
Hello,
Many thanks!
It worked like a charm on an infected server. It has saved us many work hours.
[…] the encryption key. Specifically, as the anti-virus company Bitdefender reported, the “AES key is generated locally on the victim’s computer. … rather than generating secure random keys and IVs [initialization vector], the sample […]
[…] Read more here: http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/ […]
Hi, I've tried the same feature, although my server is still accessible, as the infection ran as a vhost user and was able to infect only that vhost's files.
But I ran the script on one of the files and it says
[!] Seed not found! Timestamps corrupt?
Files were corrupted on 4th November and haven't been touched since. I'm running this script today on 18th November. Is that the issue?
Any help will be appreciated.
I think in “The million-dollar flaw” paragraph the last line that reads “without having to decrypt it with the RSA PUBLIC key” should be “without having to decrypt it with the RSA PRIVATE key”
Good catch, Nik. Updating now.
[…] family tailored for Linux platforms. After thwarting the massive ransomware infection with the release of a free decryption tool, Bitdefender researchers looked into a number of reports in which the tool was unable to decrypt […]
Kautilya Fadia, I sent you an email to talk further. Check your inbox.
Finally got it working fine.
Got all files decrypted. Thanks a lot guys. No words are enough to thank you. Saved our day. I'm happy to provide all I can to track the origin of the issue.
Hello, are there cases where a FreeBSD system was affected by the virus? Have you tested your tool on a recent FreeBSD? Thanks, Matthias
[…] flaw in the malware that makes it possible to decrypt the files after an attack. It therefore offers a script intended for infected users who would like to avoid paying the ransom and recover […]
Matthias, the current script only works on the Linux version of the ransomware. It is possible to “port” it to FreeBSD by replacing the rand and __init__ functions in the script with equivalent functionality from the FreeBSD version of srand and rand.
Hi, my files were encrypted (with extension .encrypted) on Nov 4 and never touched or modified since then. Today I ran this script (decrypter.py -f ./.htaccess.encrypted) to find the seed and it says:
[!] Seed not found! Timestamps corrupt?
What can be the issue? Any help will be appreciated.
Radu, to do such a port, one would need to know if the bad guys use the same way of encryption and bits of storing the header of each file; and of course an encrypted file tree for tests. Is there such an attack known already?
Maxim, I’ll drop you an email shortly to help you out.
[!] Seed not found! Timestamps corrupt?
What else can I do?
Radu CARAGEA, I have the same problem as Maxim and Kautilya.
Can you help me?
@Aléssio
What I did to find the timestamp is: place sort_files.sh in the user's home folder,
run this as the root user:
./sort_files.sh / > sorted_list
then run the other instructions from the page.
My cPanel/WHM server running CentOS 6.7 has been infected. I tried the tool, managed to generate the sorted_list but couldn't get past the decrypter step. Here are my steps.
bash decrypter/sort_files.sh > sorted_list
head -1 sorted_list
1446654520.3479802050 ./.bash_logout.encrypted
./decrypter/decrypter.py -f /home/positive/.bash_logout.encrypted
-bash: ./decrypter/decrypter.py: /usr/bin/python^M: bad interpreter: No such file or directory
What am I missing, please?
Hi,
I also get the "[!] Seed not found! Timestamps corrupt?" error, but I'm pretty sure that the encrypted file timestamps are not changed. Can somebody help?
Mark, try running with “python ./decrypter/decrypter.py -f /home/positive/.bash_logout.encrypted”
Avo, see inbox.
Thanks Radu, that got it to run but I'm now getting another error. I see the same error was mentioned above but my host seems insistent that the system is all configured correctly.
python ./decrypter/decrypter.py -f /home/positive/.bash_logout.encrypted
Traceback (most recent call last):
  File "./decrypter/decrypter.py", line 8, in <module>
    from Crypto.Cipher import AES
ImportError: No module named Crypto.Cipher
Just an update: I transferred my files off the server to a machine running Xubuntu and the script is working. For whatever reason it wouldn't run on CentOS alongside cPanel. My issue now is similar to others above with the seed not found error. I'm pretty sure my timestamps are unaltered as I compressed all the files before transferring and extracted them directly to my Xubuntu machine. The created/modified times etc. all match up with my original encrypted files. Would anyone be able to help with this?
Radu!!!! Help me please.
I got
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
But it's not changed!
Hi,
my error is:
  File "./decrypter/decrypter.py", line 8, in <module>
    from Crypto.Cipher import AES
ImportError: No module named Crypto.Cipher
Please help me!
Hello! Is anybody here? Please, help
Hi, I got the decrypter file but it does not work.
How to decrypt a file without a host file, using a key.pem?
Is it possible with openssl? How to? Please help me!
python decrypter.py -f ./web/***.ru/public_html/media/media/images/file_32.png.encrypted
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
What am I doing wrong?
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
I have tried all above methods.
Hi!
I also have the same problem:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
Hi,
Thx in advance for the help.
I get this message while running decrypter.py:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
The header seems to detect a valid timestamp:
1174721220.0000000000 /var/www/utils(…)encrypted
Thank you for the help!
Sébastien.
It appears that the original flaw with the virus has been modified, as by running the suggested scripts I get the
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
error messages. Any updates from Bitdefender in evaluating if the prior method of unlocking is even appropriate any more?
Thanks,
Tom
I get the following Error. Do you have a solution for me?
Traceback (most recent call last):
  File "decrypter.py", line 182, in <module>
    sys.exit(main(**vars(options)))
  File "decrypter.py", line 150, in main
    seed = find_seed(filename)
  File "decrypter.py", line 65, in find_seed
    iv_file, _ = parse_header(filepath)
  File "decrypter.py", line 49, in parse_header
    key = f.read(key_sz)
OverflowError: long int too large to convert to int
Hi, I'm also getting:
"[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?"
Do you have any pointers for this?
Hi. We have all of our web sites hosted on our Linux servers encrypted with the Linux.Encoder. Your instructions are very clear, but as I am fairly new to this I wondered if I needed to back up all the encrypted files first as a precaution before attempting to decrypt the files.
I ran the sort_files.sh and then head -1 sorted_list and it displayed 0.0000000000 /var/www/vhosts/ns333218.ip-37-187-159.eu/stfinianscc.ie/license.php.encrypted. Should this display a number instead of 0?
I am getting the following errors:
python decrypter.py -f ./LICENSE.txt.encrypted
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
Can you please help me resolve this? I am stuck at this point.
Thanks,
Ram
I’m getting this error:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
Any idea?
Thanks Radu for this script!
I’m getting this error running it to the first line of my sorted.list
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
The attack only affected the /home/user directory. I want to know if the timestamp that we need is that of the first file it did encrypt or the one it first tried to encrypt. I ask that because the script MAY HAVE tried to encrypt a file where the script doesn't have permissions to write, and if that is the case the timestamp will be hard to know.
Is there any way to brute-force the timestamp within a range?
I tried running the python decryptor/decrypter.py -f /var/www/vhosts/ns333218.ip-37-187-159.eu/stfinianscc.ie/license.php.encrypted
and got the following.
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
Any thoughts?
I just noticed in a previous response that the script only runs with Python 2.7. I have Python 2.6 installed; will I need to update to Python 2.7 to run the script?
Hi Radu, I am getting the same error during the seed generation as Coder had
Traceback (most recent call last):
  File "./decrypter.py", line 142, in <module>
    sys.exit(main(**vars(options)))
  File "./decrypter.py", line 112, in main
    seed = find_seed(filename)
  File "./decrypter.py", line 49, in find_seed
    key = f.read(key_sz)
OverflowError: Python int too large to convert to C long
I am on Debian jessie. Many thanks for any help!
Hi, this virus has encrypted all my work files. When I try to generate the seed, the script replies:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
How is it possible? I did not change any files.
Hi Radu,
I'm getting this error running it to the first line of my sorted.list
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
I tried it on more lines of the sorted.list but no luck.
Can you please help me?
Now I've updated Python and rerun the script as new, and the error is:
OverflowError: Python int too large to convert to C long
How can I bypass this?
I get the following error:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
It looks like the timestamps have not been modified by the encryption process, as the first file in the list was last modified in 2010. Is there another way to find the file with the seed?
I get the following error:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
Is there anything else I can do?
Guys, as I understand, there must be 2 different scripts. I checked the Python code; if you have the error:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
possibly it's another format of encrypted file (function parse_header). Possibly somebody knows?
Hi, my files were encrypted (with extension .encrypted) on Dec 30 and never touched or modified since then. Today I ran the script to find the seed and it says:
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
What can be the issue? Any help will be appreciated.
Good news. The new ransomware campaign from Dec 30 has also been cracked. Check the article here for details and decryption utility: http://labs.bitdefender.com/2016/01/third-iteration-of-linux-ransomware-still-not-ready-for-prime-time/
Thanks Radu, it works.
Do you think they will update the decrypter to work with a list of file names?
Radu! Many thanks! The tool works great. Although our servers are used for non-profit means, is there any way we can express our gratitude except making the servers more secure and better backed up?
Hello, I have the same problem on my hosting.
[!] File is probably truncated
[!] Seed not found! Timestamps corrupt?
I have no root rights... Help please!!!
@Redheart
Take a look at the discussion under the link Radu provided; there is a script that works with the list of files. Hope that helps.
Thanks Radek.