Researchers Reverse Engineer Latest CryptoBit Ransomware to Decrypt Files

While ransomware threats are evolving to become more aggressive in their attack methods, computer security experts and firms haven't had a lucky break to combat such threats until now. In PandaLabs' latest discovery, the CryptoBit Ransomware threat has a way of being reversed engineered to allow users to recover their files.

As we know, threats like CryptoBit Ransomware are prone to using AES algorithms that employ one key for encryption and decryption of files on an infected machine. What researchers at PandaLabs have found is that CryptoBit uses AES plus RSA encryption, a dual-key model that utilizes a different key for encryption and decryption. With the encryption being a public key and the decryption being a private key, reversal of the methodology would grant a decryption key to unlock or decrypt files on a system affected by CryptoBit. Fundamentally, PandaLabs' anti-malware lab was able to just this through picking apart the operations of CryptoBit.

CryptoBit Ransomware, much like the common actions of other recent crypto-ransomware threats, displays a ransom note telling the user that their files were encrypted, and they must contact the author through email to get the decryption key after paying a 2 Bitcoin amount, which equates to about $850 USD. PandaLabs, in digging into the operation of CryptoBit they found it has an inherent flaw; one that it uses a series of statically compiled routines. The action allows operation with big numbers using the RSA encryption method making it possible to reproduce the RSA encryption algorithm.

CryptoBit Ransomware is a very new threat, one that should not be confused with the older CryptorBit malware that had its heyday in 2014. However, the propagation of threats like CryptoBit is continuing to lead researchers down a path to finding weaknesses within such threats and discover methods to decrypt files without paying significant fees of nearly $1000.

The boldness of CryptoBit Ransomware in asking that victims pay up a fee of $850 USD in a total of 2 Bitcoin is absurd. While many other ransomware threats have had "reasonable" fee amounts ranging from about $200 to $450, all in Bitcoins, draw a picture of what type of hackers or cybercrooks we are encountering.

As the tables turn on ransomware threats when security researchers discover new methods for combating such threats, ransomware authors will continually raise their demanded ransom prices and move toward the side of greed, which may inevitably lead to the slow demise of ransomware. We can only hope such thoughts pan out to be true as ransomware is seeking dominance in the malware game this year so far.