Encryption of data can be a powerful security tool. But like other technology tools, in the wrong hands it can be a destructive force. Leading cryptographers are warning that the misuse of encryption is a growing threat — and one that the security community has not done enough to address.
Ransomware is the name given to malware that encrypts data without the owner’s authorization. Cybercriminals can then hold the data hostage, demanding payment for the encryption key needed to decrypt the data and make it available for use again.
Data Held for Ransom
According to InfoWorld, a class of ransomware called Browlock emerged as one of the top 10 threats to PCs in 2014. Browlock programs take control of desktops, then impersonate police agencies, demanding that users pay fictitious fines in order to regain use of their computers.
Other, more powerful and dangerous ransomware programs, with names such as CryptoLocker, use strong encryption on computer files, rendering them unusable without access to the encryption key. Even some police departments have been forced to pay ransom. Ransomware aimed at Android phones is also on the rise, and experts warn that Internet of Things devices can also be subject to these threats.
Ransomware, said cryptographer Adi Shamir, is “a very serious problem,” and an area that the security community has failed “in a miserable way” to address. Paul Kocher, who moderated a recent RSA panel on ransomware, described it as “the pure evil incarnation of public-key cryptography.”
Ransomware Relies on Exploits
Like most modern encryption technology, ransomware usually involves two keys: a public key for encryption and a private key for decryption. Knowledge of the public key does not help to break the private key. Thus, ransomware operators have the ability to extort payments in turn for providing the decryption key.
An important characteristic of ransomware, however, is that it relies on the ability of an attacker to penetrate a system and take at least partial control over it to encrypt data. As cryptographer Whitfield Diffie pointed out, an attacker who gains this level of access can find multiple ways to blackmail the victim.
However, Ron Rivest of MIT noted that ransomware depends in part on anonymous payments, typically using bitcoins. The restrictions on anonymous payments could provide a measure of threat protection.
In the meantime, ransomware is likely to be a growing threat. It’s just one more reason for organizations and their security leaders to concentrate on protecting data against unauthorized access at all times.