Cryptoviral extortion using Microsoft's Crypto API
@article{Young2006CryptoviralEU, title={Cryptoviral extortion using Microsoft's Crypto API}, author={A. Young}, journal={International Journal of Information Security}, year={2006}, volume={5}, pages={67-76} }
This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion…
28 Citations
Vulnerability Analysis on the CNG Crypto Library
- Computer Science
- 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
- 2015
- 3
Dynamic ransomware protection using deterministic random bit generator
- Computer Science
- 2017 IEEE Conference on Application, Information and Network Security (AINS)
- 2017
- 9
Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)
- Computer Science
- 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
- 2013
- 9
Static and Dynamic Analysis of Third Generation Cerber Ransomware
- Computer Science
- 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT)
- 2018
- 5
References
Cryptovirology: extortion-based security threats and countermeasures
- Computer Science
- Proceedings 1996 IEEE Symposium on Security and Privacy
- 1996
- 172
A method for obtaining digital signatures and public-key cryptosystems
- Computer Science
- CACM
- 1978
- 7,156
Untraceable electronic mail, return addresses, and digital pseudonyms
- Computer Science
- CACM
- 1981
- 3,030
How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks
- Computer Science
- Financial Cryptography
- 2003
- 113
Mixing E-mail with Babel
- Computer Science
- Proceedings of Internet Society Symposium on Network and Distributed Systems Security
- 1996
- 351
Announcing Approval of Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard; a Revision of FIPS 180-2
- Federal Register 67(165), 54785–54787
- 2002