One of our users seems to have been hit by CryptoLocker. As a result, he has a hard drive full of encrypted files. The ransom-ware claims to have used public key encryption on the files.
If we know exact contents of some of the files prior to them being encrypted, would it be feasible to use those files to discover the private key?
If CryptoLocker does its job properly, then no, knowing part of the cleartext will not help you recover the rest. If that helped, then the encryption system would be called weak against known-plaintext attacks. From what I read, it seems that the CryptoLocker authors were competent(*), so no such luck.
(In particular, the asymmetric encryption with RSA-2048 is done only for a random symmetric key, and the bulk of the data is encrypted with a symmetric encryption algorithm like AES, using that key. This is the normal setup of hybrid encryption. This means that if you were to find weaknesses with regards to known plaintext, then you would have to look for them in the symmetric encryption algorithm, not the RSA part. The result, though, is the same: no known way to recover your data. Sorry.)
(*) I am here talking about the encryption. I believe the payment system may leave exploitable traces which would allow law enforcement agencies to track down the perpetrators. But this is likely to involve countries of questionable cooperativeness, so don't put too much hope in this.
