2017
DOI: 10.1007/978-3-319-54876-0_2

Ransomware and the Legacy Crypto API

Abstract: Ransomware are malicious software that encrypt their victim's data and only return the decryption key in exchange for a ransom. After presenting their characteristics and main representatives, we introduce two original countermeasures allowing victims to decrypt their files without paying. The first one takes advantage of the weak mode of operation used by some ransomware. The second one intercepts calls made to Microsoft's Cryptographic API. Both methods must be active before the attack takes place, a…

Cited by 40 publications (44 citation statements)
References 8 publications

“…To the best of our knowledge, the approach of using key-backup to combat ransomware is first proposed by Palisse et al in [19] and independently by Lee et al in [16]. Later, Kolodenker et al presented the first proof-of-concept of this technique with the PayBreak [15] system.…”
Section: Improvements (mentioning)
confidence: 99%
“…[33] [32] • CryptoLocker: This is a well-known ransomware, since Sep. 2013. CryptoLocker v3 uses Advanced Encryption Standard (AES)-128 in Cipher Block Chaining (CBC) mode [36] and Rivest-Shamir-Adleman (RSA)-2048 for encryption of a header [37]. AES-128 is a symmetric key algorithm with 128-bit keys, and RSA-2048 is an asymmetric encryption algorithm using 2048-bit keys.…”
Section: B Security (mentioning)
confidence: 99%
“…After a ransomware incident, these materials are used to recover the files. The first key-escrow based ransomware defense systems are proposed independently by Lee et al [18] and Palisse et al [21] and focused on only the built-in cryptographic APIs. Later, PayBreak [17] extended this technique to include the functions in third-party cryptographic libraries.…”
Section: Defense Techniques: the State Of The Art (mentioning)
confidence: 99%