International Journal of Information Security, Volume 5, Issue 2, pp 67–76

Cryptoviral extortion using Microsoft's Crypto API

Special Issue Paper

DOI: 10.1007/s10207-006-0082-7

Cite this article as:
Young, A.L. Int. J. Inf. Secur. (2006) 5: 67. doi:10.1007/s10207-006-0082-7

Abstract

This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion attacks is shown that forces the API caller to demonstrate that an authorized party can recover the asymmetrically encrypted data.

Keywords

Cryptovirus; Public key cryptography; Hybrid encryption; Cryptographic API; RSA

Copyright information

© Springer-Verlag 2006