Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

Genç, Ziya Alper; Lenzini, Gabriele; Ryan, Peter

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

Genç, Ziya Alper; Lenzini, Gabriele; Ryan, Peter

2018 • In Advances in Cybersecurity 2018

Peer reviewed

Permalink
https://hdl.handle.net/10993/36627

Files Send to Details Statistics Bibliography Similar publications

Files

Full Text

glr2018.pdf

Author postprint (506.34 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink Twitter Linkedin

Details

Keywords :

ransomware; key acquiring; security analysis; malware

Abstract :

[en] To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding the advantages and disadvantages of each method is essential to develop robust defense strategies. In this paper we explain the techniques used by ransomware to derive encryption keys and analyze the security of each approach. We argue that recovery of data might be possible if the ransomware cannot access high entropy randomness sources. As an evidence to support our theoretical results, we provide a decryptor program for a previously undefeated ransomware.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)

Disciplines :

Computer science

Author, co-author :

Genç, Ziya Alper ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Lenzini, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Ryan, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

Publication date :

2018

Event name :

Central European Cybersecurity Conference

Event date :

15–16 November 2018

Audience :

International

Main work title :

Advances in Cybersecurity 2018

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

FnR Project :

FNR12536861 - No more Cryptographic Ransomware - NoCry, 2018 (15/05/2018-14/09/2018) - Gabriele LENZINI

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 19 September 2018

Statistics

Number of views

188 (14 by Unilu)

Number of downloads

713 (7 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Luciano Bello. 2008. Debian Security Advisory: DSA-1571-1 openssl - predictable random number generator. (13 May 2008). Retrieved July 9, 2017 from http://www.debian.org/security/2008/dsa-1571
Krzysztof Cabaj and Wojciech Mazurczyk. 2016. Using Software-Defined Networking for Ransomware Mitigation: The Case of CryptoWall. Netwrk. Mag. of Global Internetwkg. 30, 6 (Nov. 2016), 14-20.
Vlad Constantin Craciun, Andrei Mogage, and Emil Simion. 2018. Trends in design of ransomware viruses. Cryptology ePrint Archive, Report 2018/598. (2018). https://eprint.iacr.org/2018/598.
Joan Daemen and Vincent Rijmen. 2002. The Design of Rijndael. Springer-Verlag, Berlin, Heidelberg.
John R. Douceur, Atul Adya, William J. Bolosky, Dan Simon, and Marvin Theimer. 2002. Reclaiming Space from Duplicate Files in a Serverless Distributed File System. In Proc. of the 22 Nd Int. Conf. on Distributed Computing Systems (ICDCS '02). IEEE Computer Society, Washington, DC, USA, 617-624.
Richard Enbody, Aditya K. Sood, and Pranshu Bajpai. 2018. A key-management-based taxonomy for ransomware. In Proc of the 2018 APWG Symp. on Electronic Crime Research, eCrime 2018, Vol. 2018-May. IEEE Computer Society, Washington, DC, USA, 1-12.
Alexandre Gazet. 2010. Comparative analysis of various ransomware virii. Journal in Computer Virology 6, 1 (01 Feb 2010), 77-90.
Ziya Alper Genç, Gabriele Lenzini, and Peter Y. A. Ryan. 2018. No Random, No Ransom: A Key to Stop Cryptographic Ransomware. In Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2018). Springer International Publishing, Cham, 234-255.
Burt Kaliski. 2000. PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898. (Sept. 2000). https://doi.org/10.17487/RFC2898
Amin Kharraz, William Robertson, Davide Balzarotti, Leyla Bilge, and Engin Kirda. 2015. Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, Cham, 3-24.
Haeun Kim, Dongchang Yoo, Ju-Sung Kang, and Yongjin Yeom. 2017. Dynamic ransomware protection using deterministic random bit generator. In Conf. on Application, Information and Network Security (AINS). IEEE, Piscataway, New Jersey, 64-68.
Eugene Kolodenker, William Koch, Gianluca Stringhini, and Manuel Egele. 2017. PayBreak: Defense Against Cryptographic Ransomware. In Proc. of the 2017 ACM on Asia Conf. on Computer and Communications Security (ASIA CCS '17). ACM, New York, NY, USA, 599-611.
MalwrPost. 2016. Technical Analysis of Rush/Sanction Ransomware. (6 April 2016). Retrieved June 07, 2018 from https://malwrpost.wordpress.com/2016/04/06/technical-analysis-of-rush-sanction-ransomware/
Trend Micro. 2016. Network Solutions to Ransomware - Stopping and Containing Its Spread. (8 Sept. 2016). Retrieved July 9, 2018 from https://blog.trendmicro.com/trendlabs-security-intelligence/network-solutions-ransomware-stopping-containing-spread/
Kevin Savage, Peter Coogan, and Hon Lau. 2015. The evolution of ransomware. (6 Aug. 2015). Retrieved July 9, 2018 from http://www.symantec.com/content/en/us/enterprise/media/security-response/whitepapers/the-evolution-of-ransomware.pdf
Marcos Sebastián, Richard Rivera, Platon Kotzias, and Juan Caballero. 2016. Avclass: A tool for massive malware labeling. In Int. Symp. on Research in Attacks, Intrusions, and Defenses. Springer, Cham, 230-253.
Alexander Sevtsov. 2017. Ransomware Network Communication. (14 July 2017). Retrieved July 9, 2017 from https://www.lastline.com/labsblog/ransomware-network-communication/
Sara Tilly. 2017. Cryptolocker Prevention - How to secure your server environment. (29 March 2017). Retrieved July 9, 2018 from https://blog.syskit.com/cryptolocker-prevention
Carl Woodward and Raj Samani. 2017. Is WannaCry Really Ransomware? (8 June 2017). Retrieved July 9, 2018 from https://securingtomorrow.mcafee.com/executive-perspectives/wannacry-really-ransomware/
Michael Young and Ryan Zisk. 2017. Decrypting the NegozI Ransomware. (22 Sept. 2017). Retrieved June 07, 2018 from https://yrz.io/decrypting-the-negozi-ransomware