International Journal of Information Security

, Volume 5, Issue 2, pp 67–76

Cryptoviral extortion using Microsoft's Crypto API

Special Issue Paper

DOI: 10.1007/s10207-006-0082-7

Cite this article as:
Young, A.L. Int. J. Inf. Secur. (2006) 5: 67. doi:10.1007/s10207-006-0082-7


This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data.


CryptovirusPublic key cryptographyHybrid encryptionCryptographic APIRSA

Copyright information

© Springer-Verlag 2006

Authors and Affiliations

  1. 1.23 Dudley CourtSterlingUSA