CryptoDefense Flaw

Symantec analyzed the ransomware called CryptoDefense. Apparently, CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the RSA 2048 encryption and decryption keys. The author only hands over the private key to decrypt the data when a $500 ransom is paid in Bitcoin within four days. Unfortunately the author failed to remove the private key, and it can be found in %UserProfile%\Application Data\Microsoft\Crypto\RSA . The author received more than $34,000 worth of bitcoin in just a month, showing the effectiveness of their scam.

Leave a Reply