Tor is the household name in anonymous networks but the system has vulnerabilities, especially when it comes to an attacker finding out who is sending and receiving messages. Researchers at MIT and the École Polytechnique Fédérale de Lausanne think they have found a better way in a system called Riffle. You can dig into the whitepaper but the MIT news article does a great job of providing an overview.
The strength at the core of Tor is the Onion Routing that makes up the last two letters of the network’s name. Riffle keeps that aspect, building upon it in a novel way. The onion analogy has to do with layers of skins — a sending computer encrypts the message multiple times, and as it passes through each server, one layer of encryption is removed.
Riffle starts by sending the message to every server in the network. It then uses Mix Networking to route the message to its final destination in an unpredictable way. As long as at least one of the servers in the network is uncompromised, tampering will be discovered when verifying that initial message (or through subsequent authenticated encryption checks as the message passes each server).
The combination of Mix Networking with the message verification is what is novel here. The message was already safe because of the encryption used, but Riffle will also protect the anonymity of the sender and receiver.
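To make the layered-encryption idea from the paragraphs above concrete, here is an added, stand-alone Python simulation. It is illustrative code written for this page, not Tor's or Riffle's implementation: three relays each share a symmetric key with the sender (assumed to be set up out of band), each layer is sealed with a stdlib-only encrypt-then-MAC construction (an HMAC-SHA256 keystream plus an HMAC-SHA256 tag, standing in for a real AEAD cipher), and each relay learns only the next hop. It also shows the per-hop check the Riffle text mentions: a relay that alters what it forwards is caught by the next honest relay's tag verification, while a modification by the last relay can only be caught by an end-to-end check at the receiver.

```python
"""Toy onion routing: layered authenticated encryption peeled one hop at a time.

Added example, not the Tor or Riffle code. Assumptions: each relay shares a
symmetric key with the sender (constructed inline here); the per-layer cipher is
a stdlib encrypt-then-MAC construction standing in for a real AEAD.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived with HMAC-SHA256 (toy stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one layer: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Verify the tag and strip one layer; raises ValueError if the layer was altered."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: layer was tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(route: list, keys: dict, payload: bytes) -> bytes:
    """Wrap innermost-first so the first relay peels the outermost layer.
    Each layer names only the next hop, so a relay learns just its neighbours."""
    blob = payload
    for i in range(len(route) - 1, -1, -1):
        next_hop = route[i + 1] if i + 1 < len(route) else "DESTINATION"
        inner = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = seal(keys[route[i]], inner)
    return blob


def relay_forward(name: str, keys: dict, blob: bytes):
    """What one relay does: peel its own layer, return (next hop, remaining blob)."""
    inner = json.loads(open_layer(keys[name], blob))
    return inner["next"], bytes.fromhex(inner["data"])


def traverse(route: list, keys: dict, onion: bytes) -> bytes:
    """Push the onion through every relay in order and return the final payload."""
    blob = onion
    nxt = None
    for name in route:
        nxt, blob = relay_forward(name, keys, blob)
    if nxt != "DESTINATION":
        raise ValueError("route did not terminate at the destination")
    return blob


def traverse_with_tamper(route: list, keys: dict, onion: bytes, bad_relay: str) -> str:
    """Same traversal, but bad_relay flips one byte before forwarding.
    Returns the name of the honest relay whose tag check detects it, or
    'undetected' when only an end-to-end check at the receiver could catch it
    (the case where the last relay is the one tampering)."""
    blob = onion
    for name in route:
        try:
            _, blob = relay_forward(name, keys, blob)
        except ValueError:
            return name
        if name == bad_relay:
            blob = bytes([blob[0] ^ 0x01]) + blob[1:]
    return "undetected"


# Constructed sample: three relays with fixed demo keys (not real key material).
SAMPLE_ROUTE = ["relay-A", "relay-B", "relay-C"]
SAMPLE_KEYS = {name: hashlib.sha256(name.encode()).digest() for name in SAMPLE_ROUTE}

if __name__ == "__main__":
    onion = build_onion(SAMPLE_ROUTE, SAMPLE_KEYS, b"hello over the onion")
    print(traverse(SAMPLE_ROUTE, SAMPLE_KEYS, onion))
    print("tamper at relay-A detected by:", traverse_with_tamper(SAMPLE_ROUTE, SAMPLE_KEYS, onion, "relay-A"))
    print("tamper at relay-C detected by:", traverse_with_tamper(SAMPLE_ROUTE, SAMPLE_KEYS, onion, "relay-C"))
```

The design point worth noticing is that every relay only ever sees a fresh-looking blob plus one hop name, which is what gives sender and receiver unlinkability from any single relay's point of view; the per-layer tag is what turns "the message was already safe" into "tampering by a relay is noticed before the message goes further".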
During your travels around the World Wide Web (or if you’re a House of Cards fan), you may have heard the TOR (The Onion Router) network of servers mentioned. This network was initially developed by the U.S. Navy as a way to anonymously browse the Internet. When used in that manner, the TOR network is a great concept and a lifeline for some users. However, for others, TOR is an enigmatic network with suspected links to hackers and other illegal activities.
In some countries, especially where people are under the control of strict government regimes and censorship, TOR can be crucial to sending and receiving important news. Unfortunately, over the years TOR has gained a reputation as the “Dark Web.” This is mainly due to nefarious activities that can be hidden because of the anonymity it offers its users. One of these is the increase in ransomware activity that relies on the TOR network.
The current version of TOR that we've all come to know is a software tool developed by the TOR Project, which is a nonprofit organization that receives most of its funding from the U.S. Government. You might think it would be counterintuitive for the government to fund such projects, especially in light of recent news, including claims that the government is keeping tabs on the internet activities of US citizens. However, the government realizes the importance of TOR for promoting democracy in oppressed nations.

How Does TOR Operate?

As its actual name suggests, The Onion Router uses "onion routing" to keep a user’s activity concealed. This is accomplished through encryption that takes place in the application layer of the TCP/IP stack, not once but several times. The result is that the user’s information is safely encrypted within onion-like layers of insulation. This insulation makes it virtually impossible to track a user’s identity or where that user goes on the Internet when using the TOR browser.

Figure: TOR uses a routing method called Onion routing. Much like an onion, each message is covered with layers of encryption.

Unfortunately, the TOR network is not entirely foolproof. There always remains a slight possibility that an adversary could gain access and decrypt a user’s information. This often occurs through vulnerabilities that exist on the user’s machine, especially if they haven't kept up with the latest software updates. Such vulnerabilities can also lead to malware infections from less-than-stellar inhabitants of TOR.

Taking the Bad with the Good
While the original intent of TOR was all for the good of humanity, it has indeed become a playground for those who want to hide less savory activities. TOR activity frequently pops up in investigations concerning child pornography, illegal arms trading, and drug trafficking, as the bad guys use TOR to host websites that are only accessible by other TOR users.

Connection between TOR and Ransomware

The anonymity of TOR makes it the perfect place for hackers who want to hide behind its cloak. Hackers who use ransomware extort money from computer users who accidentally download this type of malware. Infection can occur when users surf the normal Internet, or when an infected email attachment is opened; it can be completely anonymous.
If a user’s computer has been infected by ransomware, it may be rendered useless, along with any other computers that exist in its network. Files on infected computers can be encrypted and rendered useless to the user(s). When a business has fallen victim to TOR ransomware, it could mean that important information has been lost. This could equate to a major security breach, in addition to a significant financial hit to the business. These targeted businesses may not always be able to rely on computer backups or other safeguards that were supposedly protecting their crucial information. This could leave them at the mercy of the hacker.

Figure: The anatomy of a ransomware attack

Types of Ransomware That Use TOR

Once a user’s computer has been infected by TOR ransomware, the tipoff that the hacker is hiding out on TOR is that part of the ransom message will include a link that ends with “.onion.” Often, the hacker will direct you to a TOR site where you’ll be required to pay for the decryption of your files. The problem is, once payment's been made, there's no way to trace to whom the payment was sent; the hacker could very well make off with the ransom and not decrypt the encrypted files.
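The “.onion” tipoff described above is something a responder can check for mechanically when triaging a suspected ransom note. The following is an added Python example written for this page, not code from any of the products or projects mentioned: it extracts onion hostnames from a note (assuming the well-known address formats of 16 or 56 base32 characters before “.onion”) and applies a simple keyword heuristic. The note and the addresses in it are constructed for the example and are not real indicators.

```python
"""Triage helper: pull .onion hostnames out of a suspected ransom note.

Added example, not vendor code. Assumes the standard onion hostname shapes:
16 base32 characters (older addresses) or 56 (current addresses), then ".onion".
"""
import re

# Base32 alphabet is a-z and 2-7; word boundaries stop partial matches inside longer tokens.
ONION_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.IGNORECASE)

# Words that typically accompany a payment demand; tune for your own environment.
RANSOM_WORDS_RE = re.compile(r"\b(decrypt|ransom|bitcoin|payment)\b", re.IGNORECASE)


def find_onion_links(text: str) -> list:
    """Return the distinct .onion hostnames in the text, lower-cased, in order of appearance."""
    found = []
    for match in ONION_RE.finditer(text):
        host = match.group(0).lower()
        if host not in found:
            found.append(host)
    return found


def looks_like_tor_ransom_note(text: str) -> bool:
    """Heuristic: a note that points at a .onion site and talks about paying/decrypting."""
    return bool(find_onion_links(text)) and bool(RANSOM_WORDS_RE.search(text))


# Constructed sample note; both addresses are fabricated and not real IoCs.
SAMPLE_NOTE = """ALL YOUR FILES HAVE BEEN ENCRYPTED.
To decrypt them, install the Tor Browser and open
http://abcdefghijklmnop.onion/pay?id=CONSTRUCTED
Backup address: """ + "z" * 56 + """.onion
Payment is accepted in Bitcoin only.
"""

if __name__ == "__main__":
    print(find_onion_links(SAMPLE_NOTE))
    print("ransom note?", looks_like_tor_ransom_note(SAMPLE_NOTE))
```

In an incident, the extracted hostnames are the artefact to record and share with whoever is handling the case, alongside the note itself and the file extension the ransomware appended; the keyword check only prioritises which notes a human looks at first.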
Some of the types of ransomware that utilize TOR are:

- CryptoWall
- CryptoLocker
- TeslaCrypt
- TorrentLocker
- CTB-Locker
- Onion Ransomware

In desperation, you may wind up paying for tools that offer the promise of removing the ransomware from your computer, only to find out you've been victimized yet again. If you find yourself at the mercy of TOR ransomware, your best bet is to work with a professional to attempt to gain access to your files before resorting to paying a ransom.