Title: PyLocky Ransomware Source Code Analysis
Authors: Adam Sorini, Gavin D. Scott
DOI: 10.1109/SPCE50045.2020.9296183 (https://doi.org/10.1109/SPCE50045.2020.9296183)
Venue: 2020 IEEE Symposium on Product Compliance Engineering - (SPCE Portland)
Publication date: 2020-11-16
Citation count: 0
Abstract
We present an analysis of a recently developed ransomware called “PyLocky.” We first provide an overview of existing tools that may help companies or individuals recover from a “PyLocky” attack. We also explain the limitations and operating principles of the recovery tools. We next analyze the PyLocky source code, which is now publicly available, and address numerous implementation flaws that may be exploited to speed up a brute-force known-plaintext attack on the ransomware’s “two-key triple-DES” encryption scheme. The analysis illustrates general flaws in implementing cryptographic protocols that should be avoided by all software developers. Finally, we note a potentially useful cyber forensic attack on PyLocky that could be helpful for recovery efforts.