Why is so much ransomware breakable?

Disclosure: I work for one of vendors participating in NoMoreRansom.

Most modern ransomware indeed implements proper cryptography. Earlier versions were using rand() for key generation, seeding the random generators with variants of time() - this is why it was important for successful decryption to know when exactly the infection happened; ideally down to minutes. Those could be decrypted with brute force. But most modern ransomware indeed uses either Windows Crypto API, or bundled crypto libraries.

However, no matter how correctly ransomware is implemented, there is always a weak point - to facilitate decryption, the key(s) have to be stored somewhere. This location could be traced by security companies, who would work together with law enforcement to take it over. Access to the server gives the security company the ability to decrypt the ransomware victims files. This is for example the case with GangCrab ransomware.

It is just a cost/gain question. Ransomware developers generally do not want to build a security tool with all the involved reviewing. They just want the less expensive tool that will allow them to get more money than it cost. Of course, they are probably breakable, but who cares? Provided some of the first victims have paid what they were asked, the attacker gets much more money than they spent. Furthermore, the longer you use one, the higher the risk to be caught if a governmental security agency manages to come into play.

It is more or less what many real-life thieves do when they manage to enter in a random house: take the most valuable things in the shortest possible time and go away.

Things are different both in the real life and IT world for targetted attacks. If you want to attack a bank or a jewelry shop, the gain is expected to be high enough to spend a lot of preparation time. The same when a governmental service attacks a strategic target, they will use higher quality tools. But it is seldom used for random targets.

The obvious answer is that no criminal would want to interact so directly with their victim.

"send the encrypted private RSA key to the attackers"

requires a consistent point of contact.

In the current model, all the communication is one-way and fungible:

  • malware displays a screen instructing the victim to deposit bitcoins (no direct contact)
  • criminals monitor deposits and send email with key (communication is automated and one-way from any disposable intermediary)

The current model works so well, it is one of the top threats worldwide. There are always ways to improve a system, but if it isn't broken, what's the benefit?