{"title":"PyLocky勒索软件源代码分析","authors":"Adam Sorini, Gavin D. Scott","doi":"10.1109/SPCE50045.2020.9296183","DOIUrl":null,"url":null,"abstract":"We present an analysis of a recently developed ransomware called “PyLocky.” We first provide an overview of existing tools that may help companies or individuals recover from a “PyLocky.” attack. We also explain the limitations and operating principles of the recovery tools. We next analyze the PyLocky source code, which is now publicly available, and address numerous implementation flaws that may be exploited to speed up a brute force known-plaintext attack on the ransomware’s “two-key triple-DES” encryption scheme. The analysis illustrates general flaws in implementing cryptographic protocols that should be avoided by all software developers. Finally, we note a potentially useful cyber forensic attack on PyLocky that could be helpful for recovery efforts.","PeriodicalId":426226,"journal":{"name":"2020 IEEE Symposium on Product Compliance Engineering - (SPCE Portland)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"PyLocky Ransomware Source Code Analysis\",\"authors\":\"Adam Sorini, Gavin D. Scott\",\"doi\":\"10.1109/SPCE50045.2020.9296183\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present an analysis of a recently developed ransomware called “PyLocky.” We first provide an overview of existing tools that may help companies or individuals recover from a “PyLocky.” attack. We also explain the limitations and operating principles of the recovery tools. We next analyze the PyLocky source code, which is now publicly available, and address numerous implementation flaws that may be exploited to speed up a brute force known-plaintext attack on the ransomware’s “two-key triple-DES” encryption scheme. The analysis illustrates general flaws in implementing cryptographic protocols that should be avoided by all software developers. Finally, we note a potentially useful cyber forensic attack on PyLocky that could be helpful for recovery efforts.\",\"PeriodicalId\":426226,\"journal\":{\"name\":\"2020 IEEE Symposium on Product Compliance Engineering - (SPCE Portland)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE Symposium on Product Compliance Engineering - (SPCE Portland)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SPCE50045.2020.9296183\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Symposium on Product Compliance Engineering - (SPCE Portland)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPCE50045.2020.9296183","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
We present an analysis of a recently developed ransomware called “PyLocky.” We first provide an overview of existing tools that may help companies or individuals recover from a “PyLocky.” attack. We also explain the limitations and operating principles of the recovery tools. We next analyze the PyLocky source code, which is now publicly available, and address numerous implementation flaws that may be exploited to speed up a brute force known-plaintext attack on the ransomware’s “two-key triple-DES” encryption scheme. The analysis illustrates general flaws in implementing cryptographic protocols that should be avoided by all software developers. Finally, we note a potentially useful cyber forensic attack on PyLocky that could be helpful for recovery efforts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
