Cryptoviral extortion using Microsoft's Crypto API

  title={Cryptoviral extortion using Microsoft's Crypto API},
  author={Adam L. Young},
  journal={International Journal of Information Security},
  • Adam L. Young
  • Published 1 April 2006
  • Computer Science
  • International Journal of Information Security
This paper presents the experimental results that were obtained by implementing the payload of a cryptovirus on the Microsoft Windows platform. The attack is based entirely on the Microsoft Cryptographic API and the needed API calls are covered in detail. More specifically, it is shown that by using eight types of API calls and 72 lines of C code, the payload can hybrid encrypt sensitive data and hold it hostage. Benchmarks are also given. A novel countermeasure against cryptoviral extortion… 

An Implementation of Cryptoviral Extortion Using Microsoft's Crypto API

This chapter presents an experimental implementation of cryptoviral extortion, an attack that we devised and presented at the 1996 IEEE Symposium on Security & Privacy [16] and that was recently

A study on neutralization malicious code using Windows Crypto API and an implementation of Crypto API hooking tool

This paper examines and makes hooking tool against Crytovirus and malicious code using windows CAPI.

An Implementation of Ransomware Malicious Software in Python

This paper presents an approach to developing ransomware in Python programming language that employs Nmap to determine if SSH port is open, and if it is, it enters the victim via SSH protocol.

Overinfection in Ransomware

It is shown that the overinfection in ransomware can have four levels: Level 0 to ensure that the ransomware is not executed twice at the same time on the same machine, Level 1 to avoid re-encrypting its encrypted files, Level 2 to coordinate between its infections on thesame machine and Level 3 to manage the infection between many target machines in the same computer park.

PayBreak: Defense Against Cryptographic Ransomware

The approach, prototype implementation, and evaluation of a novel, automated, and most importantly proactive defense mechanism against ransomware, called PayBreak, which effectively combats ransomware, and keeps victims' files safe.

Vulnerability Analysis on the CNG Crypto Library

  • Kyungroul LeeI. YouKangbin Yim
  • Computer Science
    2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
  • 2015
To prove the found vulnerability of CNG, a proof of-concept tool is implemented based on the details of the vulnerability and a countermeasure is proposed to improve security criteria for various applications to fully take advantage of the CNG library.

Ransomware Analysis and Defense-WannaCry and the Win32 environment

To better understand the inner workings of this high-profile ransomware, a sample of WannaCry is obtained and the malware is dissected completely using advanced static and dynamic malware analysis techniques to enable cyber security experts to better thwart similar attacks in the future.

A 0-Day Aware Crypto-Ransomware Early Behavioral Detection Framework

This paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.

Dynamic ransomware protection using deterministic random bit generator

A dynamic ransomware protection method that replaces the random number generator of the OS with a user-defined generator is proposed, and it is possible to recover an infected file system by reproducing the keys the attacker used to perform the encryption.

Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)

Current security issues of CNG and the related considerations on it are introduced and research on security assurance is strongly required in the environment of distributing and utilizing the CNG library.



Building a Cryptovirus Using Microsoft's Cryptographic API

It is shown that by using 8 types of API calls and 72 lines of ANSI C code, the payload can hybrid encrypt sensitive data and hold it hostage on the host computer system.

Cryptovirology: extortion-based security threats and countermeasures

  • Adam L. YoungM. Yung
  • Computer Science, Mathematics
    Proceedings 1996 IEEE Symposium on Security and Privacy
  • 1996
The idea of Cryptovirology is presented, which employs a twist on cryptography, showing that it can be used offensively to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.

A method for obtaining digital signatures and public-key cryptosystems

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys.

Optimal Asymmetric Encryption

A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.

A Practical Mix

We introduce a robust and efficient mix-network for exponentiation, and use it to obtain a threshold decryption mix-network for ElGamal encrypted messages, in which mix servers do not need to trust

Untraceable electronic mail, return addresses, and digital pseudonyms

A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of

How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks

We address the question of how much security is required to protect a packaged system, installed in a large number of organizations, from thieves who would exploit a single vulnerability to attack

Mixing E-mail with Babel

  • Ceki GülcüG. Tsudik
  • Computer Science, Mathematics
    Proceedings of Internet Society Symposium on Network and Distributed Systems Security
  • 1996
An attempt is made to formalize and quantify certain dimensions of anonymity and untraceable communication in general and the design and salient features of Babel anonymous remailer are introduced.

Almost entirely correct mixing with applications to voting

In order to design an exceptionally efficient mix network, both asymptotically and in real terms, the notion of almost entirely correct mixing is developed, and a new mix network is proposed that is almost entirelycorrect.

Virus dissection: disk killer

  • Wilding, E., Skulason, F. (eds.) Virus Bulletin. Virus Bulletin Ltd., Oxon, UK
  • 1990