Comparative analysis of various ransomware virii
The word ransomware and the associated phenomenon appeared something like 3 years ago, around the year 2005. It shed light on a specific class of malware which demands a payment in exchange for a stolen functionality. The most widespread ransomware makes intensive use of file encryption as an extortion means. Basically, it encrypts various files on the victim’s hard drives before asking for a ransom to get the files decrypted. Security-related media and some antivirus vendors quickly brandished this “new” type of virii as a major threat for the computer world. This article tries to investigate the foundation of these threats beyond the phenomenon. In order to get a better understanding of ransomware, the study relies on a comparative analysis of various ransomware virii. Based on reverse-engineering, while not focused on analysis methodology, a technical review is done at different levels: quality of code, the malware’s functionalities, and analysis of the cryptographic primitives, if any. Our analysis leads us to many interesting approaches and conclusions concerning this phenomenon, and in particular the strengths and weaknesses of the extortion means used. We also take advantage of our technical review to stand back and analyse both the business model associated with this ransomware and the communication that has been made around it.
Keywords: Elliptic Curve, Pseudorandom Generator, Symmetric Encryption, Cryptographic Primitive, Infection Vector