Paper 2018/598

Trends in design of ransomware viruses

Vlad Constantin Craciun, Andrei Mogage, and Emil Simion


The ransomware nightmare is taking over the internet impacting common users,small businesses and large ones. The interest and investment which are pushed into this market each month, tells us a few things about the evolution of both technical and social engineering and what to expect in the short-coming future from them. In this paper we analyze how ransomware programs developed in the last few years and how they were released in certain market segments throughout the deep web via RaaS, exploits or SPAM, while learning from their own mistakes to bring profit to the next level. We will also try to highlight some mistakes that were made, which allowed recovering the encrypted data, along with the ransomware authors preference for specific encryption types, how they got to distribute, the silent agreement between ransomwares, coin-miners and bot-nets and some edge cases of encryption, which may prove to be exploitable in the short-coming future.

Available format(s)
Publication info
Contact author(s)
emil simion @ upb ro
2018-06-19: revised
2018-06-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Vlad Constantin Craciun and Andrei Mogage and Emil Simion},
      title = {Trends in design of ransomware viruses},
      howpublished = {Cryptology ePrint Archive, Paper 2018/598},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.