Symmetric encryption is fine, as long as the malware either fetches it from C&C locations, or generates it randomly and discards it after sending it somewhere safe from the victim. Which is, in fact, how public-key encryption usually works—use PKI to agree on a large symmetric key, then use that for the actual communication.
offline-capable encrypting worm would be similar. The viral payload has the public key of the attacker, and uses that to encrypt a large randomly-generated symmetric key. The public-key-encrypted key is stored along with the data, which has been encrypted by that key. It can only be recovered by giving the attacker the blob of the encrypted-key, so they can decrypt it using their private key, and then provide the unencrypted symmetric key.
This requires communication, but never reveals the private key, and each installation has a unique symmetric key so it can’t be reused for multiple sites. I mean, there must be SOME communication with the attacker, in order to make payment. So, decrypting the key seems like it doesn’t add any real complexity.
Symmetric encryption is fine, as long as the malware either fetches it from C&C locations, or generates it randomly and discards it after sending it somewhere safe from the victim. Which is, in fact, how public-key encryption usually works—use PKI to agree on a large symmetric key, then use that for the actual communication.
offline-capable encrypting worm would be similar. The viral payload has the public key of the attacker, and uses that to encrypt a large randomly-generated symmetric key. The public-key-encrypted key is stored along with the data, which has been encrypted by that key. It can only be recovered by giving the attacker the blob of the encrypted-key, so they can decrypt it using their private key, and then provide the unencrypted symmetric key.
This requires communication, but never reveals the private key, and each installation has a unique symmetric key so it can’t be reused for multiple sites. I mean, there must be SOME communication with the attacker, in order to make payment. So, decrypting the key seems like it doesn’t add any real complexity.