
37C3 – Unlocked! Recovering files taken hostage by ransomware


Source: media.ccc.de

Decrypting files hijacked by the “second most used ransomware in Germany”

We present an analysis and recovery method for files encrypted by Black Basta, the “second most used ransomware in Germany”.

We analysed the behaviour of a ransomware encryptor and found that the malware uses their…



14 Comments

  1. Interesting, the malware is using best practice according to payment practices (separate Cipher Object for each chunk)

    Definitely could have been made faster, and even harder for researchers to analyze, if they used the same cipher for all chunks (state-based)

    The author must have experience working in payment services (e.g. a bank).

  2. If we know their bitcoin addresses, wouldn't it be possible to blacklist them such that miners would not add these transactions to new blocks? Gone are the days of people mining at home. Mining has become big business requiring large investments. I assume it is much easier to reach the miners than the criminals. Wouldn't it be worthwhile to try and blacklist these addresses?

  3. 02:13 🛡 Ransomware typically infects organizations, encrypts files, and demands payment for decryption or to prevent file publication.
    03:48 💼 Paying the ransom doesn't guarantee file recovery, and organizations should focus on prevention and security measures.
    05:54 💰 Ransomware attacks can lead to financial losses, data loss, reputational damage, and the need to rebuild and secure infrastructure.
    09:03 🌐 The Black Basta ransomware group, active since April 2022, has targeted many victims in Germany and earned at least $100 million in Bitcoin payments.
    14:38 🔒 Black Basta uses elliptic curve-based cryptography, and a flaw in their implementation allows for file recovery through reverse engineering.
    18:09 🚀 The ransomware's encryption flaw can be exploited by identifying plain text in encrypted files, making recovery possible, especially in VM disk images.
    22:30 ⚠ While file recovery works well for larger files, files smaller than 5,000 bytes may be unrecoverable due to the ransomware's encryption strategy.
    23:12 🕵 Structures in the first 5,000 bytes are crucial; disc structures like boot sector and partition table can be regenerated, making file recovery manageable.
    24:08 🚨 Decryption method for Black Basta ransomware presented; sharing findings with victims and law enforcement to prevent ransom payments.
    25:34 🛠 Tools and code for file decryption released on GitHub to help organizations recover their data without paying ransom.
    26:30 💻 Importance of proactive cybersecurity highlighted; investing in security measures upfront is more effective than paying later.
    27:11 🚫 Recommendations to avoid ransomware: whitelist applications, run signed code, secure partial configurations, scan for exposures, and implement effective patch management.
    29:09 🔄 Regularly test and ensure the completeness of backups; having restore capability is crucial in mitigating the impact of ransomware attacks.
    30:20 🌐 Ransomware operates as organized crime with separate roles; international collaboration challenges make catching these groups difficult.
    31:15 🔐 Black Basta's cryptography flaw discussed; reusing the same keystream allows file recovery, emphasizing the importance of proper encryption practices.
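The timestamps above (14:38, 18:09 and 31:15) describe the recovery idea in one sentence: if the same keystream is applied to more than one region, any region whose plaintext is known (long zero runs in a VM disk image, for instance) leaks the keystream at those positions, and that keystream then decrypts every other region encrypted with it. The following is an added illustration of that known-plaintext, keystream-reuse recovery; it is not the speaker's decryptor and not Black Basta's actual cipher or chunking scheme. The toy cipher (SHA-256 counter-mode keystream), the key, the file contents and the offsets are all constructed for the example.

```python
from hashlib import sha256


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, truncated to `length`.

    Constructed stand-in for a real stream cipher. The only property the
    recovery relies on is shared with ChaCha20/AES-CTR: the keystream does
    not depend on the plaintext, so ciphertext XOR plaintext == keystream.
    """
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += sha256(key + ctr.to_bytes(8, "little")).digest()
        ctr += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """The flawed encryptor (hypothetical): every file is XORed with the
    SAME keystream starting at offset 0. That reuse is the bug."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def learn_keystream(ciphertext: bytes, known_plaintext: bytes, offset: int = 0) -> dict:
    """Known-plaintext step: wherever the plaintext is known,
    keystream[i] = ciphertext[i] ^ plaintext[i]. Returns position -> byte."""
    return {
        offset + i: c ^ p
        for i, (c, p) in enumerate(zip(ciphertext[offset:], known_plaintext))
    }


def recover(ciphertext: bytes, ks: dict, filler: int = 0x3F) -> tuple[bytes, int]:
    """Decrypt every position with a recovered keystream byte. Positions the
    keystream was never learned for are filled with '?' and counted, so the
    caller knows exactly which bytes are still missing."""
    out = bytearray()
    missing = 0
    for i, c in enumerate(ciphertext):
        if i in ks:
            out.append(c ^ ks[i])
        else:
            out.append(filler)
            missing += 1
    return bytes(out), missing


def demo() -> tuple[bytes, int, bytes]:
    """Constructed scenario: one encrypted disk image with a known zero run,
    one encrypted document, both under the same reused keystream."""
    key = b"attacker-secret-key-never-seen-by-victim"
    # Constructed sample files (not real victim data).
    disk_image = b"BOOTSECTOR" + b"\x00" * 200 + b"\x55\xaa"
    document = b"Quarterly report: revenue up 12%, headcount stable. " * 3

    ct_disk = toy_encrypt(key, disk_image)
    ct_doc = toy_encrypt(key, document)

    # The victim knows bytes 10..209 of the disk image were zero, which is
    # enough to learn keystream bytes 10..209 without ever knowing the key.
    ks = learn_keystream(ct_disk, b"\x00" * 200, offset=10)

    # Apply the learned keystream to the document. Bytes 0..9 have no known
    # plaintext anywhere, so they stay unrecovered: that is the caveat the
    # talk raises for regions (or whole small files) without a plaintext reference.
    plain, missing = recover(ct_doc, ks)
    return plain, missing, document


if __name__ == "__main__":
    plain, missing, original = demo()
    print(plain.decode(errors="replace"))
    print(f"unrecovered bytes: {missing}")
```

The design point is that `learn_keystream` never needs the key: the reused keystream is the secret that leaks, and a long run of predictable bytes (zero-filled sectors, a known file header) is all the reference plaintext required. Coverage is exactly the set of offsets for which some file supplied known plaintext, which is why large files with repetitive structure recover well while bytes with no reference anywhere cannot be filled in.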

  4. Imagine if they used the key for every file for performance reasons. That would be lolz. Anyways, huge thumbs up for this effort. If any client is virtualized you can recover almost everything. Wow.

  5. Assuming the ransomware peeps would actually honor their pledge to decrypt when they’re paid, how do they know which key to use for which file? It’s not really feasible for them to phone all keys home after all.

  6. somewhere somebody in a foreign language: RATS, NOW HOW AM I SUPPOSED TO MAKE MONEY?
    Thank you to whoever reverse engineers things, especially for the betterment of fellow humans.

  7. I have a horror-story about ransomware. It's long and very very silly, but it includes them throwing out all the laptops from the entire finance dept because IT told them "it started in finance".

    They were the dumbest company I ever worked for. This all happened long after I and the IT manager (a clever, clever guy) walked out the door. The new IT manager (who was only internally promoted because she was sleeping with the entire executive whenever they flew in) immediately "saved money" by cancelling things like the email virus scanner, and the cloud backup. The most vile and stupid human I've ever encountered, I wouldn't cross the street to piss on her if she was burning.

    I think they survived, but only because the parent company has deep pockets. They really are a case study in why nepotism doesn't create successful companies.

  8. "You can find them yourself on the internet!"
    In my best dream ever, I can imagine Tobias responding with, "So are you regretting your decision to retire RSA in favor of a flawed implementation of ECC?"

  9. Brilliant, interesting talk. This year I love the conference more with almost every talk; the only things I am still missing are:
    A talk by David Kriesel
    An explanation of why a talk by a German at a German conference is given in English.
    Again another great CCC this year. There are so many talks I enjoyed.
    I also love this talk. I don't know why, but I even enjoy the CCC talks more than some of the Las Vegas conferences…
    But why is this talk in English?
    Obviously you can reach way more people by talking in English, and I'm really happy talks in other languages are part of the CCC conferences and that some angels translate the talks…
    But why are some talks by Germans at a German conference originally held in English?
    My 7-year-old son sometimes watches the talks together with me, and the reason he enjoys CCC more than Black Hat or DEF CON is the German language.
