Comparative analysis of various ransomware virii

Abstract

The word ransomware and the associated phenomenon appeared something like 3 years ago, around the year 2005. It shed light on a specific class of malware that demands a payment in exchange for a stolen functionality. The most widespread ransomware makes intensive use of file encryption as an extortion means: it encrypts various files on victims' hard drives before asking for a ransom to get the files decrypted. Security-related media and some antivirus vendors quickly brandished this "new" type of virus as a major threat to the computer world. This article investigates the foundation of these threats beyond the phenomenon. In order to get a better understanding of ransomware, the study relies on a comparative analysis of various ransomware viruses. Based on reverse engineering, though not focused on analysis methodology, a technical review is done at different levels: quality of code, the malware's functionalities, and analysis of the cryptographic primitives, if any. Our analysis leads us to many interesting approaches and conclusions concerning this phenomenon, in particular the strength and weakness of the extortion means used. We also take advantage of our technical review to stand back and analyse both the business model associated with this ransomware and the communication that has been made around it.

Author information

Corresponding author

Correspondence to Alexandre Gazet.

Cite this article

Gazet, A. Comparative analysis of various ransomware virii. J Comput Virol 6, 77–90 (2010). https://doi.org/10.1007/s11416-008-0092-2

Keywords

  • Elliptic Curve
  • Pseudorandom Generator
  • Symmetric Encryption
  • Cryptographic Primitive
  • Infection Vector