
An Empirical Study of Key Generation in Cryptographic Ransomware



Ransomware acquires the leverage necessary for ransom extraction by encrypting irreplaceable data. Successful encryption requires secure key generation, and therefore an understanding of the key generation strategies deployed in ransomware is critical for developing effective response and recovery solutions. This paper presents a systematic study of key generation strategies observed in modern ransomware with the goal of facilitating swift identification of cryptographically insecure and operationally nonviable key routines in novel threats. Empirical evidence of the identified strategies is provided in the form of code snippets and disassembly of real-world ransomware. Additionally, the identified strategies are mapped to a timeline based on the actual ransomware samples in which these strategies were observed. Finally, a list of 10 questions provides guidance in recognizing the critical intricacies of key generation and deployment in novel ransomware.

Pranshu Bajpai

June 15, 2020



  1. An Empirical Study of Key Generation in Cryptographic Ransomware

    Pranshu Bajpai and Richard Enbody, Michigan State University. IEEE Cyber Security 2020, June 17th, 2020.
  2. Introduction

    • Cryptographic ransomware require secure key generation
    • A variety of key generation routines have been observed in the wild
    • A systematic study of key generation procedures is necessary to identify critical characteristics of novel ransomware:
      • RNG used in key creation
      • API used for key generation
      • Key generation site: local versus remote
      • Key type: standard versus custom algorithms
      • Key recoverability: vulnerability of the generation procedure
      • Single key versus multi-key file encryption
  3. Primary Key Generation Strategies

    Fig: taxonomy of the core generation logic (diagram rendered as a list)
    • Asymmetric key: static key; dynamic key
    • Symmetric key: static key; dynamic key, generated via standard CryptoAPI, ephemeral data, statically bound libraries, or non-crypto RNGs
    • Network-based key
  4. Fig: Static asymmetric key. Fig: Dynamically-generated symmetric key.

  5. Fig: Static symmetric key in AutoIT ransomware

    ```autoit
    Func _crypt_encryptfile($ssourcefile, $sdestinationfile, $vcryptkey, $ialg_id)
        ...
        ; the caller's password string is turned into the DES key
        $vcryptkey = _crypt_derivekey($vcryptkey, $ialg_id)
        ...

    For $i = 1 To $y[0] Step +1
        If NOT StringInStr($y[$i], "Lock.") Then
            $dd1 = StringReplace($y[$i], "Fixed.", "")
            ; hard-coded password "888": every victim gets the same static symmetric key
            _crypt_encryptfile(@DesktopDir & "/" & $y[$i], @DesktopDir & "/Lock." & $dd1, "888", $calg_des)
            FileDelete(@DesktopDir & "/" & $y[$i])
        EndIf
    Next
    ```

    Fig: Dynamically-generated symmetric key in NotPetya
  6. Fig: Key generation with ephemeral data in kimcilware

    ```php
    function GenerateKey() {
        // "ephemeral" inputs: values of the compromised web server itself plus the current date
        $key[1] = $_SERVER["DOCUMENT_ROOT"];
        $key[2] = $_SERVER['SERVER_NAME'];
        $key[3] = $key[1] . "Y" . $key[2] . "K" . date('Y/m/d') . "B" . date('d-/Y:m') . "H" . date('Y-Y-Y');
        // chain of hashes over a fixed salt and the server-derived string, truncated to 25 characters
        $key[4] = substr(md5(urlencode(md5(gzcompress(md5(base64_encode(md5(sha1("wh0#$c@$%^&nd3$@#@!cr8//> yP^&*t1t5- $%" . $key[3])))))))), 0, 25);
        return $key[4];
    }
    ```

    Fig: Key derivation from a password string
  7. Result

    | Ransomware | Year | Key generation |
    |---|---|---|
    | Wannacry | 2017 | D |
    | GPCode | 2006 | A |
    | Paradise | 2017 | B |
    | JigSaw | 2016 | C |
    | NotPetya | 2017 | D |
    | Cerber | 2016 | D |
    | Kimcilware | 2016 | E |
    | CryptoWall | 2014 | H |

    | Key generation | CS? (cryptographically secure) | OV? (operationally viable) | Notation |
    |---|---|---|---|
    | Static asymmetric key | ✔ | | A |
    | Dynamic asymmetric key | ✔ | | B |
    | Static symmetric key | | ✔ | C |
    | Dynamic symmetric key, using CryptoAPI | ✔ | ✔ | D |
    | Dynamic symmetric key, using ephemeral data | | ✔ | E |
    | Dynamic symmetric key, using static libraries | ✔ | ✔ | F |
    | Dynamic symmetric key, using random generators | | ✔ | G |
    | Network key (attacker's domain) | ✔ | | H |
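    The table marks "dynamic symmetric key, using random generators" (G) as operationally viable but not cryptographically secure, and slide 2 lists key recoverability as the characteristic to check. The following added example (constructed for this page, not code from the paper or from any sample) models that case from a responder's side: a key drawn from a non-crypto PRNG seeded with a timestamp is a function of a guessable seed, so a known file header plus the infection window is enough to recover it, whereas the OS CSPRNG (the CryptoAPI row, D) leaves nothing to search. The XOR cipher, PNG header and timestamp are assumptions of the model.

    ```python
    import random
    import secrets
    from typing import Optional

    KEY_LEN = 16


    def weak_key(seed: int) -> bytes:
        # Strategy G model (constructed): key bytes pulled from a non-crypto PRNG
        # (Mersenne Twister) seeded with a low-entropy value such as a timestamp.
        rng = random.Random(seed)
        return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


    def strong_key() -> bytes:
        # Strategy D equivalent: the OS CSPRNG; there is no seed for the search below to find.
        return secrets.token_bytes(KEY_LEN)


    def keystream_xor(data: bytes, key: bytes) -> bytes:
        # Toy bulk cipher (repeating-key XOR) standing in for the file cipher; the
        # recoverability shown here comes from the key source, not from the cipher.
        return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


    def recover_weak_key(ciphertext: bytes, known_prefix: bytes,
                         latest_seed: int, window: int) -> Optional[int]:
        # Responder-side recovery for strategy G: a fixed file header (PNG, ZIP,
        # PDF magic bytes) supplies known plaintext; walk candidate seeds backwards
        # across the infection window until one key reproduces the header.
        head = ciphertext[:len(known_prefix)]
        for seed in range(latest_seed, latest_seed - window, -1):
            if keystream_xor(head, weak_key(seed)) == known_prefix:
                return seed          # the seed fixes the whole key, not just the checked bytes
        return None


    if __name__ == "__main__":
        PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
        infection_time = 1_600_000_000        # constructed sample timestamp
        ct = keystream_xor(PNG_MAGIC + b"...image data...", weak_key(infection_time))
        found = recover_weak_key(ct, PNG_MAGIC, infection_time + 900, 3600)
        print("recovered seed:", found)
        print("decrypted:", keystream_xor(ct, weak_key(found)))
    ```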
  8. Identifying Key Characteristics in Novel Ransomware

    • Encryption key: Network or host?
    • Encryption algorithms: Standard or custom?
    • Key generation: Static or dynamic?
    • Bulk encryption: Symmetric or asymmetric?
    • Key persistence: Secure or vulnerable?
    • Key material: Cryptographically-secure or vulnerable?
    • Cryptographic library: Static or dynamic?
    • Independence: Involvement of the C&C server?
    • Encryption key: Single or multiple (one-per-file)?
  9. Conclusion

    • Cryptographically weak key generation models continue to appear in recent variants
    • Complexity of key management (and associated implementation errors) allows us to provide decryptors for certain variants
    • Particularly ineffective variants will be gradually replaced with stronger models
    • High-level APIs will continue to be leveraged by the attackers
  10. Thank You @amirootyet www.amirootyet.com