Ransomware
#3
First of all, this is of course not the usual use case for hashcat.
Furthermore, DiskCryptor is probably legit software that is just misused by the malware; it's not malware but can be used to encrypt files/disks, I guess.
Therefore, I think you should be more specific about what malware is used. What's the name of the malware? I guess there are many malicious executables that use DiskCryptor, like those Mamba-like ransomware.

How do you know that the password is "only" 8 to 11 digits long? My guess is that DiskCryptor accepts much longer and more complex passwords too. So this must be a limitation of the malicious software itself (not DiskCryptor). How sure are you that it's only numbers of length 8, 9, 10 or 11? Are there some resources online about the details of this specific malware that (after reverse engineering) came to the conclusion that there is that hard-coded 9-11 number limit?

I also think that there is probably a password-based key derivation function used to generate a key for the encryption algorithm, which means that it could in theory be "similar" to already supported "hash modes" like luks/truecrypt/veracrypt etc. Of course the algorithms could be different; I didn't look into the DiskCryptor source yet.

BTW: I guess you already considered recovering from backups or paying the ransom (I'm not really recommending it, but I heard most users are quite happy with the ransomware author's support and would recommend paying it - at least for other malware - and some affected users - of other malware - even mentioned that they got some very good deals/discounts after chatting with the support, or even some official government sites recommending to pay since it's the only way to get the files back - again for other, maybe even more sophisticated malware ;) )

I don't know how you did your "rough calcs"; to do this you would need all the details and know how fast modern GPUs can deal with that specific algorithm... what are the details/facts on which you base your 3-day estimate (again, I didn't look into the details of DiskCryptor yet)?

