
Files on the infected machine are usually encrypted with AES, a symmetric encryption algorithm. Once encryption has completely finished on a machine hit by one of today's ransomware attacks, the private key stored on the C&C server is needed to open the files. In new-generation ransomware attacks, a cryptographic key pair is created on the C&C server and only the public key is sent to the infected machine, as shown in Figure 2.3; the private key never leaves the server. When the ransomware threat first emerged, attackers used only symmetric encryption methods; they now prefer a hybrid encryption mechanism that uses both symmetric and asymmetric encryption methods. Ransomware uses encryption algorithms that vary from RC4 to RSA+AES and ECDH+AES.
