Trends in Design of Ransomware Viruses

  • Vlad Constantin Craciun
  • Andrei Mogage
  • Emil Simion
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


The ransomware nightmare is taking over the internet, impacting common users, small businesses and large ones. The interest and investment pushed into this market each month tell us a few things about the evolution of both technical and social engineering, along with what to expect from them in the near future. In this paper, we analyze how ransomware programs developed in the last few years and how they were released in certain market segments throughout the deep web via RaaS (Ransomware as a Service), exploits or spam, while learning from their own mistakes to bring profit to the next level. We also highlight a set of mistakes that were made, which allowed for total or partial recovery of the encrypted data. We also consider the ransomware authors' preference for specific encryption types, encryption key exchange mechanisms and some edge cases of encryption, which may prove to be exploitable in the near future.


Keywords: Cyber threat, Ransomware, Cryptography, Cyber security



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Computer Science, UAIC IASI, Iaşi, Romania
  2. Bitdefender, Bucharest, Romania
  3. University Politehnica of Bucharest, Bucharest, Romania
