, Volume 5, Issue 2, pp 67-76
Date: 08 Mar 2006

Cryptoviral extortion using Microsoft's Crypto API

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access

Abstract

This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data.

Adam L. Young received a B.S. in Electrical Engineering from Yale in 1994 and a M.S. and Ph.D. in Computer Science from Columbia University in 1996 and 2002, respectively. He served as a MTS at Lucent under Michael Reiter, a Principal Engineer at Lockheed Martin, and has conducted research for the US DoD. Adam Young and Moti Yung authored the Wiley book “Malicious Cryptography:Exposing Cryptovirology,” that was published in 2004.