Skip to Main content Skip to Navigation
Conference papers

Ransomware and the Legacy Crypto API

Abstract : Ransomware are malicious software that encrypt their victim’s data and only return the decryption key in exchange of a ransom. After presenting their characteristics and main representatives, we introduce two original countermeasures allowing victims to decrypt their files without paying. The first one takes advantage of the weak mode of operation used by some ransomware. The second one intercept calls made to Microsoft’s Cryptographic API. Both methods must be active before the attack takes place, and none is general enough to handle all ransomware. Nevertheless our experimental results show that their combination can protect users from 50% of the active samples at our disposal.
Document type :
Conference papers
Complete list of metadata

Cited literature [30 references]  Display  Hide  Download

https://hal.inria.fr/hal-01388056
Contributor : Colas Le Guernic <>
Submitted on : Tuesday, March 28, 2017 - 11:08:11 AM
Last modification on : Friday, January 8, 2021 - 3:12:35 AM

File

papier.pdf
Files produced by the author(s)

Identifiers

Citation

Aurélien Palisse, Hélène Le Bouder, Jean-Louis Lanet, Colas Le Guernic, Axel Legay. Ransomware and the Legacy Crypto API. The 11th International Conference on Risks and Security of Internet and Systems - CRiSIS 2016, Sep 2016, Roscoff, France. pp.11-28, ⟨10.1007/978-3-319-54876-0_2⟩. ⟨hal-01388056⟩

Share

Metrics

Record views

712

Files downloads

2285