Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: There's now a free tool that can decrypt their files.
The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption.
The program makes files unreadable by using the Advanced Encryption Standard (AES), which uses the same key for both the encryption and decryption operations. The AES key is then encrypted too by using RSA, an asymmetric encryption algorithm.
The RSA algorithm uses a public and private key pair instead of a single key. The public key is used to encrypt data and the private key is used to decrypt it. In the case of Linux.Encoder.1, the RSA public-private key pair is generated on the attackers' servers and only the public key is sent to infected systems and used to encrypt the AES key.
If implemented correctly this process would make it impossible for anyone to decrypt the files without the RSA private key retained by the attackers. However, the Bitdefender researchers discovered that when it generates the AES keys, the malicious program uses a weak source of random data -- the time and date at the moment of encryption.
This time stamp is easy to determine by looking at when the AES key files were created on disk. Therefore, researchers are able to reverse the process and recover the AES keys without needing to decrypt them, making the RSA public and private keys pointless.
The tool created and released by Bitdefender is a script written in Python that determines the initialization vectors and AES encryption keys by analyzing the files encrypted by the ransomware program. It then decrypts the files and fixes their permissions on the system.
"If you can boot your compromised operating system, download the script and run it under the root user," the Bitdefender researchers said in a blog post that also contains detailed instructions on how to use the tool.
This is not the first time ransomware authors have made errors in their implementation of encryption algorithms, allowing researchers to recover affected files. However, based on past incidents, once these errors become known, they get fixed in new versions of the malware programs.
It's safe to assume that we'll soon see a new Linux.Encoder variant that doesn't make the same mistake, or entirely new ransomware programs that target Linux systems. Mac OS X is not immune to this type of threat either, as a security researcher recently demonstrated with a proof of concept.