Some of the world's leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed.
Despite law enforcement efforts to disrupt ransomware operations, the prevalence of such programs continued to grow last year, according to a report published Thursday by antivirus vendor F-Secure.
A family of ransomware programs known as Browlock, which impersonates police agencies and asks users to pay fictitious fines in order to regain control of their computers, was one of the top 10 PC threats during the second half of 2014, according to F-Secure's statistics. An increase was also observed among the ransomware threats for Android phones.
While Browlock only prevents users from accessing their desktop, there are other ransomware programs that are much more aggressive and hard to recover from. These threats include Cryptolocker, CryptoWall, and CTB-Locker, which encrypt users' files with strong cryptographic algorithms, making it impossible to recover them in the absence of unaffected backups or without paying for the decryption keys.
In what is almost a testament to how audacious and effective these threats are, there have already been several cases of police departments being forced to pay criminals to decrypt their files.
"I think it's a very serious problem," said Adi Shamir, co-inventor of the widely used RSA cryptosystem, when asked about ransomware on a discussion panel at the RSA security conference earlier this week. "It's going to stay with us and we need to think about new techniques to stop it."
Shamir believes that ransomware is an area where the security community failed "in a miserable way," because there are no good products to protect against it. And this is just the beginning, he thinks.
Today ransomware can affect your PC or your mobile phone, but it's only a matter of time until your smart TV and other Internet of Things devices will also be held to ransom, he said.
That time is probably not too far in the future. F-Secure noted in its report the emergence last year of a ransomware program called SynoLocker that infected network-attached storage (NAS) devices made by a company called Synology.
Most file-encrypting ransomware threats use public-key cryptography, where the data is encrypted with a public key that's part of a public-private key pair. Recovering this public encryption key from infected systems does not help, because only the private key, which attackers retain on their servers, can be used to decrypt the data.
Public-key cryptography underpins some of the Internet's most widely used security protocols including SSL/TLS and GPG.
When introducing the topic of ransomware, the RSA panel's moderator, Cryptography Research President Paul Kocher, described it as "the pure evil incarnation of public-key cryptography."
MIT professor Ron Rivest, co-inventor of RSA with Shamir and Leonard Adleman, noted that while cryptography is used mostly for good, as most technologies, it can also be used for bad.
Despite knowing this, the abuse of the RSA algorithm by many ransomware programs, makes him feel "sort of like a mother whose son was brainwashed and left to become a jihadist in Syria," he said.
The ransomware problem is not restricted to attackers encrypting other people's data, said Whitfield Diffie, one of the pioneers of public-key cryptography. In order to do pull off a ransomware attack, criminals need to first penetrate someone's computer and use some sort of exploit, he said.
Once an attacker has that level of access on a system, even if the potential data loss problem is solved, they will find something else to blackmail the user with, he said.
Another thing to point out is that the ability of ransomware creators to extort money from users depends in part on anonymous payments, Rivest said. Anonymous communications between people is essential for democracy, but the value of anonymous payments is debatable, he said.
Most file-encrypting ransomware programs require payments to be made in Bitcoin.
The abuse of encryption algorithms is certainly not going to stop cryptographic research and advances. However, it will be interesting to see if the ransomware problem will make its way into the rhetoric of government officials, who are increasingly pushing for ways to bypass encryption so that police and intelligence agencies can perform lawful intercepts.