Encrypted cryptowall crypto wall files - any chance I could crack a couple of the files?

A machine got hit with crypto wall. We have a backup from a couple weeks ago so there's only a few files that were recently updated / created since that backup.

Don't want to pay the $700 (or actually, anything) to the hackers.

Any chance those few files can be decrypted with today's computers in days or weeks?  Would you crack 1, then get the key and apply it to the other files?

How would I begin to do this?  Can I do it concurrently on a few machines?

thanks!
BeGentleWithMe-INeedHelp Asked:

☠ MASQ ☠ Commented:
If you do crack the key it's the same for all the files.  The problem is that it's a customized AES256 key, you have the public part (it's in the ransom note) the private key that unlocks it is equally long, so the possible combinations are the number of possible characters in one position multiplied by the power of the length of the key in characters.  That is a truly massive number so the chance of cracking it in a sensible time-scale is minuscule.

Honestly not worth bothering, give up on the files and move on.  Learn from the infection.
0
Thomas Zucker-Scharff Solution Guide Commented:
As you can see from my article, MASQ was one of the EE members who contributed significantly. I would take his advice.
http://www.experts-exchange.com/articles/18086/RRansomware-Prevention-is-the-only-solution.html
0
btan Exec Consultant Commented:
Agree with the experts. From experience of such cases, and having seen so many of these queries in the EE forum, none has managed to decrypt it unless they paid the ransom. I definitely support not paying; work off the backup and clean up those machines. It is not wise to attempt it, even though there have been past decryption services, which were still due to "overlooks" or partly intercepted keys - in a nutshell, no guarantee at all. One good reference is from BleepingComputer; the EE article also has more info on recovery steps. Do watch out for your mapped network files and review them as required for those infected machines.
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#shares
0

BeGentleWithMe-INeedHelp Author Commented:
thanks guys but this is a proof of concept / mental health issue for me.  I dropped the ball on monitoring the backup and that's why they lost the last couple months of data.  For good or bad, it's not that many files, but I still look bad.

But googling 'brute force RSA 2048', seems it's not even weeks / months with today's processors?
0
btan Exec Consultant Commented:
Maybe this can be convincing that it is doable but not worth it to prove something for the sake of it. You can do your sums on the number of supercomputers needed with:
"standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a DigiCert 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years."
https://www.digicert.com/TimeTravel/math.htm

I am stating this as an example for illustration purposes and am not saying or alluding specifically to this provider per se. The only ones able to break it and to foot that amount may be these folks:
"Is it possible that the NSA can go far beyond the state of the art, breaking even encryption believed to be secure? Sure. It can't be ruled out. But it's not the only interpretation of the information that's been leaked so far"
http://arstechnica.com/security/2013/09/of-course-nsa-can-crack-crypto-anyone-can-the-question-is-how-much/

There is definitely more literature, even from the US NIST standards body, but it proves nothing in your case to salvage the encrypted data.
http://arstechnica.com/security/2013/09/of-course-nsa-can-crack-crypto-anyone-can-the-question-is-how-much/
0
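
The scale behind the answers above, as an added example (not code from the thread or from DigiCert): it estimates the years of work for exhaustive search of a symmetric key and for factoring an RSA modulus, and shows how little adding machines helps. The guess rates and machine counts are assumed values, and the factoring cost uses the standard heuristic GNFS formula with its o(1) term dropped, so it is an order-of-magnitude estimate only.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def exhaustive_search_years(key_bits, guesses_per_sec, machines=1):
    """Expected years to hit a key by trying half of a key_bits keyspace."""
    expected_guesses = 2 ** (key_bits - 1)
    return expected_guesses / (guesses_per_sec * machines) / SECONDS_PER_YEAR


def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of modulus_bits."""
    ln_n = modulus_bits * math.log(2)
    cost_ln = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return cost_ln / math.log(2)


def factoring_years(modulus_bits, ops_per_sec, machines=1):
    """Years to perform the estimated GNFS work at the given aggregate rate."""
    work = 2 ** gnfs_work_bits(modulus_bits)
    return work / (ops_per_sec * machines) / SECONDS_PER_YEAR


def quoted_digicert_years():
    """The figure quoted in the thread: 4,294,967,296 x 1.5 million years."""
    return 4_294_967_296 * 1.5e6


if __name__ == "__main__":
    # Assumed hardware: 10^12 operations per second per machine.
    rate = 1e12
    for machines in (1, 3, 1000):
        print(f"{machines:>5} machine(s): "
              f"256-bit key ~{exhaustive_search_years(256, rate, machines):.2e} years, "
              f"RSA-2048 ~{factoring_years(2048, rate, machines):.2e} years")
    print(f"RSA-2048 GNFS work factor: ~2^{gnfs_work_bits(2048):.1f}")
    print(f"Quoted DigiCert estimate: {quoted_digicert_years():.3e} years")
```

Going from one machine to a thousand only divides the result by a thousand, which does not change the conclusion at these magnitudes.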

BeGentleWithMe-INeedHelp Author Commented:
thanks : (
0
Question has a verified solution.