eCrime - A Key-Management-based Taxonomy for Ransomware


Ransomware encrypts user files, making management of the encryption key(s) critical to its success. Developing a better understanding of key management in ransomware is a necessary prerequisite to finding weaknesses that can be exploited for defensive purposes. We describe the evolution of key management as ransomware has matured and examine key management in 25 samples. Based on that analysis, we introduce a ransomware taxonomy that is analogous to hurricane ratings: a Category 5 ransomware is more virulent from a cryptographic standpoint than a Category 3. In our analysis of samples in light of the taxonomy, we observed that poor cryptographic models appear as recently as 2018.

May 15, 2018
San Diego, CA


Pranshu Bajpai
Principal Staff Security Architect

PhD, Michigan State University.