Does anyone know Ransomware that uses its own cryptographic API?


Deleted member 65228

Does anyone know Ransomware that uses its own cryptographic API?
I cannot think of one off the top of my head but there is bound to be one out there; there are open-source cryptography projects online so I would imagine others would have done similar work for bad purposes.

I doubt it would be too much of a benefit for someone to make their own library for it though, because in terms of behaviour detection from security products, it is usually done by monitoring I/O activity and writing your own cryptography library should not evade detection that way.
 

tim one

Jul 31, 2014
Ransomware using their own cryptographic API will exist for sure, but often the tendency is to use the Windows Crypto API already included in the operating system, which ensures a reliable encryption process, without errors.

In many new ransomware, the RSA public key is embedded in the code while the basis key is often generated when a function generates random bytes by calculating the corresponding MD5 hash, which is converted into the necessary key to start the encryption.

In this way, no key is transferred between the victim and the server which already has the RSA private key, while the basis key is provided by the victim when the decryption is required (paying the ransom).

More and more frequently, new ransomware has elements which make it dangerous in the short-to-medium term; in particular, it tends to be as hard to identify as possible: no direct interaction with the server for exchanging keys, the dynamic change of the extensions of the encrypted files and, as I said, the use of functions already present in the operating system.
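The point made in the first reply, that behavioural detection watches file I/O rather than which cryptography library is called, shown as an added example that is not part of the thread or of any product's code. The event format, the thresholds and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_MIN = 7.5  # bits/byte; assumed cut-off (ciphertext sits close to 8.0)
FILES_MIN = 3      # assumed count of distinct files before a process is flagged

def entropy(data: bytes) -> float:
    """Shannon entropy of a buffer, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def ext(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def suspicious_pids(events):
    """Pids that wrote high-entropy data to >= FILES_MIN distinct files and
    renamed at least one of those files to a different extension."""
    hot, renamed = defaultdict(set), defaultdict(set)
    for ev in events:
        if ev["op"] == "write" and entropy(ev["data"]) >= ENTROPY_MIN:
            hot[ev["pid"]].add(ev["path"])
        elif ev["op"] == "rename" and ext(ev["path"]) != ext(ev["new_path"]):
            renamed[ev["pid"]].add(ev["path"])
    return sorted(p for p, files in hot.items()
                  if len(files) >= FILES_MIN and files & renamed.get(p, set()))

def _noise(seed: int, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

# Constructed events: pid 4100 overwrites and renames three documents,
# pid 3300 writes one compressed archive, pid 2200 saves a text file.
SAMPLE_EVENTS = []
for i, name in enumerate(["a.docx", "b.xlsx", "c.jpg"]):
    p = f"/home/user/{name}"
    SAMPLE_EVENTS.append({"pid": 4100, "op": "write", "path": p, "data": _noise(i)})
    SAMPLE_EVENTS.append({"pid": 4100, "op": "rename", "path": p, "new_path": p + ".x7q"})
SAMPLE_EVENTS.append({"pid": 3300, "op": "write", "path": "/home/user/backup.zip", "data": _noise(99)})
SAMPLE_EVENTS.append({"pid": 2200, "op": "write", "path": "/home/user/notes.txt", "data": b"meeting notes\n" * 300})

if __name__ == "__main__":
    print(suspicious_pids(SAMPLE_EVENTS))
```

Entropy alone would also flag the archive writer, since compressed data looks random too; requiring several files plus an extension change is what separates the two here.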
