{{Short description|Securing and encrypting virology}} {{Computer hacking}} '''Cryptovirology''' refers to the study of cryptography use in malware, such as ransomware and asymmetric backdoors.{{cn|date=January 2024}} Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. Cryptovirology employs a twist on cryptography, showing that it can also be used offensively. It can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.<ref name=":1">{{Cite book |doi=10.1109/SECPRI.1996.502676 |s2cid=12179472 |chapter=Cryptovirology: Extortion-based security threats and countermeasures |title=Proceedings 1996 IEEE Symposium on Security and Privacy |year=1996 |last1=Young |first1=A. |last2=Moti Yung |pages=129–140 |isbn=0-8186-7417-2 }}</ref>
The field was born with the observation that public-key cryptography can be used to break the symmetry between what an antivirus analyst sees regarding malware and what the attacker sees. The antivirus analyst sees a public key contained in the malware, whereas the attacker sees the public key contained in the malware as well as the corresponding private key (outside the malware) since the attacker created the key pair for the attack. The public key allows the malware to perform trapdoor one-way operations on the victim's computer that only the attacker can undo.
==Overview== The field encompasses covert malware attacks in which the attacker ''securely'' steals private information such as symmetric keys, private keys, PRNG state, and the victim's data. Examples of such covert attacks are asymmetric backdoors. An asymmetric backdoor is a backdoor (''e.g.'', in a cryptosystem) that can be used only by the attacker, even after it is found. This contrasts with the traditional backdoor that is symmetric, ''i.e.'', anyone that finds it can use it. Kleptography, a subfield of cryptovirology, is the study of asymmetric backdoors in key generation algorithms, digital signature algorithms, key exchanges, pseudorandom number generators, encryption algorithms, and other cryptographic algorithms. The NIST Dual EC DRBG random bit generator has an asymmetric backdoor in it. The EC-DRBG algorithm utilizes the discrete-log kleptogram from kleptography, which by definition makes the EC-DRBG a cryptotrojan. Like ransomware, the EC-DRBG cryptotrojan contains and uses the attacker's public key to attack the host system. The cryptographer Ari Juels indicated that NSA effectively orchestrated a kleptographic attack on users of the Dual EC DRBG pseudorandom number generation algorithm and that, although security professionals and developers have been testing and implementing kleptographic attacks since 1996, "you would be hard-pressed to find one in actual use until now."<ref name="sci_amer_klepto">{{Cite news |url=http://www.scientificamerican.com/article/nsa-nist-encryption-scandal |author=Larry Greenemeier |publisher=Scientific American |title=NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard |date=18 September 2013 |access-date=4 August 2016 |archive-date=18 August 2016 |archive-url=https://web.archive.org/web/20160818214711/http://www.scientificamerican.com/article/nsa-nist-encryption-scandal/ |url-status=live }}</ref> Due to public outcry about this cryptovirology attack, NIST rescinded the EC-DRBG algorithm from the NIST SP 800-90 standard.<ref name="nist_abandonment">{{Cite news |url=https://www.nist.gov/news-events/news/2014/04/nist-removes-cryptography-algorithm-random-number-generator-recommendations |work=National Institute of Standards and Technology |title=NIST Removes Cryptography Algorithm from Random Number Generator Recommendations |date=21 April 2014 |access-date=13 July 2017 |archive-date=29 August 2016 |archive-url=https://web.archive.org/web/20160829031025/http://www.nist.gov/itl/csd/sp800-90-042114.cfm |url-status=live }}</ref>
Covert information leakage attacks carried out by cryptoviruses, cryptotrojans, and cryptoworms that, by definition, contain and use the public key of the attacker is a major theme in cryptovirology. In "deniable password snatching," a cryptovirus installs a cryptotrojan that asymmetrically encrypts host data and covertly broadcasts it. This makes it available to everyone, noticeable by no one (except the attacker),{{Citation needed|date=November 2019}} and only decipherable by the attacker. An attacker caught installing the cryptotrojan claims to be a virus victim.{{Citation needed|date=November 2019}} An attacker observed receiving the covert asymmetric broadcast is one of the thousands, if not millions of receivers, and exhibits no identifying information whatsoever. The cryptovirology attack achieves "end-to-end deniability." It is a covert asymmetric broadcast of the victim's data. Cryptovirology also encompasses the use of private information retrieval (PIR) to allow cryptoviruses to search for and steal host data without revealing the data searched for even when the cryptotrojan is under constant surveillance.<ref name="Young and yung book">{{Cite book|author=A. Young, M. Yung|title=Malicious Cryptography: Exposing Cryptovirology|publisher=Wiley|year=2004|isbn=0-7645-4975-8}}</ref> By definition, such a cryptovirus carries within its own coding sequence the query of the attacker and the necessary PIR logic to apply the query to host systems.
==History== The first cryptovirology attack and discussion of the concept was by Adam L. Young and Moti Yung, at the time called "cryptoviral extortion" and it was presented at the 1996 IEEE Security & Privacy conference.<ref name=":1" /><ref name="alexey">{{Cite thesis |last=Korsakov |first=Alexey |title=Cryptovirology and malicious software |date=2014 |degree=Master's thesis |publisher=University of Eastern Finland, department of computer science |url=https://erepo.uef.fi/bitstream/handle/123456789/14337/urn_nbn_fi_uef-20141271.pdf?sequence=1}}</ref> In this attack, a cryptovirus, cryptoworm, or cryptotrojan contains the public key of the attacker and hybrid encrypts the victim's files. The malware prompts the user to send the asymmetric ciphertext to the attacker who will decipher it and return the symmetric decryption key it contains for a fee. The victim needs the symmetric key to decrypt the encrypted files if there is no way to recover the original files (e.g., from backups). The 1996 IEEE paper predicted that cryptoviral extortion attackers would one day demand e-money, long before Bitcoin even existed. Many years later, the media relabeled cryptoviral extortion as ransomware. In 2016, cryptovirology attacks on healthcare providers reached epidemic levels, prompting the U.S. Department of Health and Human Services to issue a Fact Sheet on Ransomware and HIPAA.<ref name="hhsfactsheet">{{Cite web|title=FACT SHEET: Ransomware and HIPAA|url=https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf|access-date=22 July 2016|publisher=HHS|archive-date=13 April 2018|archive-url=https://web.archive.org/web/20180413151407/https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf|url-status=live}}</ref> The fact sheet states that when electronic protected health information is encrypted by ransomware, a breach has occurred, and the attack therefore constitutes a ''disclosure'' that is not permitted under HIPAA, the rationale being that an adversary has taken control of the information. Sensitive data might never leave the victim organization, but the break-in may have allowed data to be sent out undetected. California enacted a law that defines the introduction of ransomware into a computer system with the intent of extortion as being against the law.<ref>SB-1137 that amends Section 523 of the Penal Code.</ref>
==Examples== ===Tremor virus=== While viruses in the wild have used cryptography in the past, the only purpose of such usage of cryptography was to avoid detection by antivirus software. For example, the tremor virus<ref>{{Cite web|url=https://www.f-secure.com/v-descs/tremor.shtml|title=Tremor Description | F-Secure Labs|website=www.f-secure.com|access-date=2 March 2021|archive-date=24 June 2021|archive-url=https://web.archive.org/web/20210624205759/https://www.f-secure.com/v-descs/tremor.shtml|url-status=live}}</ref> used polymorphism as a defensive technique in an attempt to avoid detection by anti-virus software. Though cryptography does assist in such cases to enhance the longevity of a virus, the capabilities of cryptography are not used in the payload. The One-half virus was amongst the first viruses known to have encrypted affected files.
===Tro_Ransom.A virus=== An example of a virus that informs the owner of the infected machine to pay a ransom is the virus nicknamed Tro_Ransom.A.<ref>{{Cite web|url=http://www.sophos.com/security/analyses/viruses-and-spyware/trojransoma.html|title=Sophos Security Labs: Real-Time Malware Threat Prevention|access-date=23 May 2008|archive-date=10 May 2008|archive-url=https://web.archive.org/web/20080510053521/http://www.sophos.com/security/analyses/viruses-and-spyware/trojransoma.html|url-status=dead}}</ref> This virus asks the owner of the infected machine to send $10.99 to a given account through Western Union.<br> Virus.Win32.Gpcode.ag is a classic cryptovirus.<ref>{{Cite web|url=https://securelist.com/|title=Securelist|website=securelist.com|access-date=2 March 2021|archive-date=7 April 2015|archive-url=https://web.archive.org/web/20150407143104/http://securelist.com/|url-status=dead}}</ref> This virus partially uses a version of 660-bit RSA and encrypts files with many different extensions. It instructs the owner of the machine to email a given mail ID if the owner desires the decryptor. If contacted by email, the user will be asked to pay a certain amount as ransom in return for the decryptor.
===CAPI=== It has been demonstrated that using just 8 different calls to Microsoft's Cryptographic API (CAPI), a cryptovirus can satisfy all its encryption needs.<ref>{{Cite journal |doi=10.1007/s10207-006-0082-7 |title=Cryptoviral extortion using Microsoft's Crypto API |year=2006 |last1=Young |first1=Adam L. |journal=International Journal of Information Security |volume=5 |issue=2 |pages=67–76 |s2cid=12990192 }}</ref>
==Other uses of cryptography-enabled malware== Apart from cryptoviral extortion, there are other potential uses of cryptoviruses,<ref name="Young and yung book"/> such as deniable password snatching, cryptocounters, private information retrieval, and in secure communication between different instances of a distributed cryptovirus.
==See also== * Goat file ==References== {{Reflist}} <!-- Unused references * {{Cite conference|author=A. Young, M. Yung|title=The Dark Side of Black-Box Cryptography, or: Should we trust Capstone?|book-title=Proceedings of Crypto '96|editor=Neal Koblitz|publisher=Springer-Verlag|pages=89–103|year=1996|id=LNCS 1109|doi=10.1007/3-540-68697-5_8}} * {{Cite conference|author=Z0mbie|title="DELAYED CODE" technology (version 1.1)|book-title=white paper|year=2000|url=http://vx.netlux.org/lib/vzo23.html}} * {{Cite conference|author=A. Young, M. Yung|title=Kleptography: Using Cryptography Against Cryptography|book-title=Proceedings of Eurocrypt '97|editor=W. Fumy|pages=62–74|publisher=Springer-Verlag|year=1997|id=LNCS 1233|doi=10.1007/3-540-69053-0_6}} * {{Cite conference|author=A. Young, M. Yung|title=On Fundamental Limitations of Proving Data Theft|book-title=IEEE Transactions on Information Forensics and Security, 1(4)|pages=524–531|year=2006|url=https://ieeexplore.ieee.org/document/4014112|doi=10.1109/TIFS.2006.885025}} -->
==External links== {{Wiktionary|cryptovirology|cryptovirus}} * {{Cite web |url=http://www.cryptovirology.com |title=Cryptovirology Labs – Site maintained by Adam Young and Moti Yung |archive-url=https://web.archive.org/web/20200918175406/http://cryptovirology.com/ |archive-date=18 September 2020 |url-status=dead}} * {{Cite web |url=http://vxheaven.org/lib/?index=CR&lang=EN |title=Cryptography and cryptovirology articles – Computer viruses |work=VX Heavens |archive-url=https://web.archive.org/web/20150203150035/http://vxheaven.org/lib/?index=CR&lang=EN |archive-date=3 February 2015 |url-status=dead }} * {{Cite web |url=http://www.eweek.com/article2/0,1759,1937408,00.asp?kc=EWRSS03119TX1K0000594 |archive-url=https://archive.today/20130122150431/http://www.eweek.com/article2/0,1759,1937408,00.asp?kc=EWRSS03119TX1K0000594 |url-status=dead |archive-date=January 22, 2013 |title=Cryzip Trojan Encrypts Files, Demands Ransom }} * {{Cite web |archive-url=https://web.archive.org/web/20070127224622/http://www.evilbitz.com/2006/12/09/an-intriguer-virus/ |archive-date=27 January 2007|title=Can a virus lead an enterprise to court? |url=http://www.evilbitz.com/2006/12/09/an-intriguer-virus/ |url-status=dead }} * {{Cite web |archive-url=https://archive.today/20061109123834/http://www.delectix.com/articles/malware/superworms-and-cryptovirology/ |url=http://www.delectix.com/articles/malware/superworms-and-cryptovirology/ |title=A student report entitled 'Superworms and Cryptovirology' |archive-date=9 November 2006 |url-status=dead }} * {{Cite web |url=http://www.rosiello.org/archivio/Next_Virus_Generation.ppt |title=Next Virus Generation: an Overview (cryptoviruses) |archive-url=https://web.archive.org/web/20101025212456/http://www.rosiello.org/archivio/Next_Virus_Generation.ppt |archive-date=25 October 2010 |website=rosiello.org |author=Angelo P. E. Rosiello |url-status=dead}}
Category:Computer viruses Category:Cryptography