Ransomware and the legacy crypto API

39Citations
Citations of this article
44Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Ransomware are malicious software that encrypt their victim’s data and only return the decryption key in exchange of a ransom. After presenting their characteristics and main representatives, we introduce two original countermeasures allowing victims to decrypt their files without paying. The first one takes advantage of the weak mode of operation used by some ransomware. The second one intercept calls made to Microsoft’s Cryptographic API. Both methods must be active before the attack takes place, and none is general enough to handle all ransomware. Nevertheless our experimental results show that their combination can protect users from 50% of the active samples at our disposal.

Cite

CITATION STYLE

APA

Palisse, A., Le Bouder, H., Lanet, J. L., Le Guernic, C., & Legay, A. (2017). Ransomware and the legacy crypto API. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10158 LNCS, pp. 11–28). Springer Verlag. https://doi.org/10.1007/978-3-319-54876-0_2

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free