Home Tags AES

Tag: AES

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable amount of indicators within the source code depict the early origins of this sample.

A free decryption tool is now available for all Bart ransomware...

Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victi...

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations.

After penetrating an organization's network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization.

The next interesting fact about this ransomware is that the threat actors decided to use the well-known Petya ransomware to encrypt user data.

Kauai is moving from diesel generators to renewable energy with help...

Shipping fuel is expensive, so why not generate it from energy sources found locally?

Largest grid-tied lithium ion battery system deployed today in San Diego

CA Public Utilities Commissioner: "We are far in advance of where we expected to be."

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor.

The attack compromised their devices and exfiltrated data to the attackers’ C&C.
In addition, the compromised devices were pushed Trojan updates.

The operation remains active at the time of writing this post.

Apricorn Aegis Secure Key 3z hardware-encrypted flash drive

256-bit AES XTS hardware encryption security at entry-level pricing

Satan enters roll-your-own ransomware game

Code named for Prince of Darkness offers commissions for spreading evil Satan is infecting computers, encrypting files and demanding ransoms. No, we're not talking about the prince of darkness itself, but an underground ransomware service bearing its name.
It's devilish code: net demons wielding it can create a customised ransomware payload that will encrypt a victim's files with RSA-2048 bit and AES-256 bit encryption. Those Satan enslaves are directed through the many circles of the Tor network in order to pay a bitcoin ransom that varies in size. The Satan ransomware is available openly on the Tor network and presents punters with a slick form through which the malware is customised. The established malware researcher known as Xylitol reported the malware El Reg ignored VXers' constant pleas "not upload malware to VirusTotal" by promptly uploading the ransomware to VirusTotal, finding that it was detected by about half of antivirus scanners, although this number can differ thanks to heuristics and other antivirus dynamic checks not covered by the lauded online security service. Malware that is uploaded to VirusTotal is at risk of being discovered by anti-virus engines and security researchers. Should you choose to spread the word of Satan, the hell-code's authors claim to take a 30 per cent cut of any ransoms paid to customers. "The bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income … [which] will become lower depending on the number of infections and payments you have." The service will help customers encrypt their files and wrap it in Word document macros and installers.
It is up to customers to decide how to disseminate the malware, but most arrive by phishing. Create your malware.
Satan's panels. Satan is not alone in its evil ways: other ransomware-as-a-service offerings including a JavaScript-based instance have been uncovered. Many ransomware variants have been undone by white hat hackers working under the No More Ransom Alliance to find and exploit holes in the malware that allows free file decryption. The Alliance unifies previously un-co-ordinated ransomware reversal efforts.

The Reg expects it won't be long before the Alliance's forces are arrayed against Satan's in an effort to unravel its encryption and bring the good word to the afflicted. ® Sponsored: Customer Identity and Access Management

Google Cloud Platform finally offers key management service

Google is finally giving administrators the ability to manage their encryption keys in Google Cloud Platform (GCP) with its Cloud Key Management Service (KMS). Google is the last of the three major cloud providers to provide the key management service, as Amazon and Microsoft already have similar offerings. The Cloud KMS, currently in beta, helps administrators manage the encryption keys for their organization without having to maintain an on-premise key management system or deploy hardware security modules. With Cloud KMS, administrators can manage all the organization's encryption keys, not only the ones used to protect data in GCP. Administrators can create, use, rotate, and destroy AES-256 symmetric encryption keys via the Cloud KMS API. Multiple versions of a key can be active at any time for decryption, but only one primary key version can be used for encrypting new data. The rotation schedule can be defined to automatically generate a new key version at fixed time intervals. There's also a built-in 24-hour delay when trying to destroy keys to prevent accidental or malicious loss. Cloud KMS integrates with GCP's Cloud Identity Access Management and Cloud Audit Logging services so that administrators can manage permissions for individual keys and monitor usage. Cloud KMS also provides a REST API that allows AES-256 encryption or decryption in Galois/Counter Mode, which is the same encryption library used internally to encrypt data in Google Cloud Storage. AES GCM is implemented in the BoringSSL library maintained by Google, and the company continually checks for weaknesses in the encryption library using several tools, "including tools similar to the recently open-sourced cryptographic test tool Project Wycheproof," said Google product manager Maya Kaczorowski on the Google Cloud Platform blog. Compared to AWS and Windows Azure, GCP has lagged in encryption. Amazon introduced customer-supplied encryption keys (CSEK) to AWS customers for its S3 service in June 2014, and it introduced the AWS Key Management Service later that year. Microsoft added CSEK via Key Vault in January 2015. Google began offering CSEK in June 2015 and is only now rolling out Cloud KMS. Google Cloud Storage manages server-side encryption by default, and administrators have to specifically select "Cloud Key Management Service" to manage the keys in the cloud service, or "Customer Supplied Encryption Keys" to manage the keys on-premise. CSEK is also available with Compute Engine. Kaczorowski said organizations in regulated industries, such as financial services and health care, can benefit from hosted key management services "for the ease of use and peace of mind that they provide." However, administrators should evaluate whether the convenience is worth the possibility that if the government has a legal order compelling Google to provide information about the keys, the company will have to comply because it has access to all the keys managed by the service. There's another potential hiccup for administrators to consider if the organization gathers personal information from Europeans. The European General Data Protection Regulation applies to European personal data, regardless of where it is stored in the world, and regulators in the past have recommended not storing encryption keys with the same cloud provider. If the key is kept securely with the organization, the cloud provider can't do anything beyond just maintaining access to and availability of the data. Using GCP and Cloud KMS simultaneously may or may not be acceptable to European regulators. "Encryption is only effective is you separate the encrypted data from the key storage. Using the same vendor, be it AWS or Google to store the keys and data still raises compliance and security challenges for many businesses,” said Pravin Kothari, founder, chairman, and CEO of cloud encryption company CipherCloud. 

43% off Microsoft Wireless Desktop 900 Keyboard and Mouse Bundle –...

The Wireless Desktop 900 keyboard from Microsoft has quiet-touch keys and customizable buttons for access to the Windows features you use most.

The full-size ambidextrous mouse provides comfortable, precise navigation.

The Wireless Desktop 900 also includes Advanced Encryption Standard to help protect your information by encrypting your keystrokes.

Both the keyboard and the mouse have an average battery life of 2-years.

The typical list price of $50 has been reduced to $28.28, making this a good deal on Amazon where it averages 4.5 out of 5 stars (read recent reviews) from over 140 reviewers.  See it now on Amazon. This story, "43% off Microsoft Wireless Desktop 900 Keyboard and Mouse Bundle - Deal Alert" was originally published by TechConnect.

Google Introduces New Cloud Encryption Key Management Service

The new Google Cloud Platform service will allow enterprises to create, use and rotate encryption keys to protect their data, company says. Organizations looking for an alternative to managing data encryption keys in-house now have a new option to consider.Google this week rolled out a new cloud hosted key management service for enterprise customers of its cloud platform.

The service is available starting this week in beta form in about 50 countries, including the U.S., Australia, Canada, Germany, Netherlands and Denmark.Google cloud KMS is designed to help organizations create, use, rotate and destroy AES-256 standard symmetric encryption keys for protecting data in cloud environments.

The service eliminates the need for enterprises, especially those in regulated sectors such as health care and finance, to maintain custom-built or ad-hoc systems for managing the keys used to encrypt their data, according to the company."With Cloud KMS, you can manage symmetric encryption keys in a cloud-hosted solution, whether they’re used to protect data stored in [Google Cloud Platform] or another environment," Google product manager Maya Kaczorowski, announced on the Google Cloud Platform blog this week. For instance, organizations can use the service to manage the keys used for encrypting user credentials and API tokens associated with applications stored outside the Google cloud. The Cloud KMS service is directly integrated with Google's Cloud Identity Access Management and Cloud Audit Logging services so organizations they have greater control over their keys, Kaczorowski added.Google's new key management service allows enterprises to store and manage literally millions of encryption keys in a cloud environment.

They can set the service to automatically rotate keys at regular intervals and limit the amount or scope of data that can be accessed via a single key version in order to minimize exposure in the event of a security compromise.Google Cloud KMS fills a gap in the company's encryption and key management service offerings.

Google, which is a big proponent of end-to-end encryption on the Internet, currently encrypts all customer data at rest on its cloud servers, by default.It also offers a service that enables enterprises to encrypt data in Google's cloud using keys that are owned and managed by the enterprises rather than by Google.

Google says its customer supplier encryption keys (CSEK) option is designed for enterprises with stringent data privacy and security requirements.This week’s newly introduced key management service falls between the default encryption and the CSEK options and broadens the available choices for enterprises, Kaczorowski said.Pricing for Google's Cloud Key Management Service is based on the number of active keys an enterprises stores and how often the keys are used to encrypt and decrypt data.

The price for active key versions is $0.06 per key per month, while the rate for using the key starts at $0.03 per 10,000 operations.So an organization that stores 500 encryption keys in Google cloud KMS and use them for a total of 100,000 operations can expect to pay $30.30, according to a Google price sheet.

Google Cloud unlocks key achievement

Encryption got you down? Google will manage your secrets for you Google on Wednesday introduced its Cloud Key Management Service in beta to help Google Cloud Platform customers deal with their encryption keys. "Cloud KMS offers a cloud-based root of trust that you can monitor and audit," said product manager Maya Kaczorowski in a blog post. "As an alternative to custom-built or ad-hoc key management systems, which are difficult to scale and maintain, Cloud KMS makes it easy to keep your keys safe." Following the disclosures about the scope of online surveillance by former NSA contractor Edward Snowden in 2013, encryption became more important for cloud service providers – particularly encryption that allows customers to control the keys. Google began offering customer-supplied encryption keys (CSEK) in June 2015.

But it hasn't exactly led the way with encryption for cloud customers.

Amazon Web Services introduced CSEK for S3 in June 2014 and in November of that year introduced AWS Key Management Service. Microsoft Azure added CSEK via Key Vault in January 2015. A Google spokesperson wasn't immediately available to discuss the service. Garrett Bekker, an analyst with 451 research, said in a statement provided by Google that KMS "fills a gap by providing customers with the ability to manage their encryption keys in a multi-tenant cloud service, without the need to maintain an on-premise key management system or HSM [hardware security module]." GCP customers can use Cloud KMS to create, use, rotate (at will or scheduled), and destroy AES-256 symmetric encryption keys.

Cloud KMS provides a REST API that can use a key to encrypt or decrypt data. Cloud KMS integrates with Cloud Identity Access Management and Cloud Audit Logging, two related GCP services. Kaczorowski says that Cloud KMS relies on the Advanced Encryption Standard (AES) in Galois/Counter Mode [PDF], a method for high-speed encryption.

Google constantly checks its implementation, residing in its BoringSSL library, using tools like Project Wycheproof, according to Kaczorowski. While key management offers convenience, the tradeoff is security, since service providers can be compelled to turn keys over to authorities when presented with lawful demands. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub