Cryptology ePrint Archive: Report 2019/605

A note on different types of ransomware attacks

Mihail Anghel and Andrei Racautanu

Abstract: Ransomware are malware whose purpose is to generate income for the attacker. The first of these malware made intense use of cryptography, specifically for file encryption. They encrypt some or most files on the computer before asking a ransom for the decryption. Since they appeared, however, ransomware have evolved into different types which fulfill their task in different ways. Some encrypt files and data from the hard drive, others block access to the OS or use private user data to blackmail the user, some arenít even a real threat, but they scare the user into paying for some fake service or software. The software security industry is well aware of these threats and is constantly analyzing the new versions and types to determine how dangerous they are and to provide an updated protection solution. This article tries to investigate and compare the way these malware work and how they affect the victims computer. Our analysis will provide interesting insight into how they work, it will highlight the particularities of ransomware and will give some information about why some of these malware are more dangerous than others.

Category / Keywords: implementation / ransomware, analysis, infection, crypto-ransomware, locker-ransomware

Date: received 30 May 2019

Contact author: racautanu andrei nicolae at fenrir info uaic ro

Available format(s): PDF | BibTeX Citation

Version: 20190602:113414 (All versions of this report)

Short URL: ia.cr/2019/605


[ Cryptology ePrint archive ]