Nicole Fishbein

Cryptovirology: Second Guessing The Cryptographic Underpinnings of Modern Ransomware

Ransomware has permeated our everyday lives to the point of becoming a household term, featured prominently in news headlines, and even entwined with international politics. However, it is crucial not to overlook the technical intricacies that make ransomware both intriguing and highly effective—the cryptographic foundations that enable attackers to seize files and hold them hostage until a ransom is paid. Surprisingly, implementing cryptography effectively remains a challenging task. In this talk, we will delve into the nitty-gritty details of the cryptographic implementations utilized in modern ransomware and shed light on their inherent flaws.

Through engaging visualizations and occasional explanations in ELI5 terms, we will keep you awake through the math for long enough to discuss the strengths, weaknesses, and, most importantly, the inevitable failures of these implementations. Our focus will center on the use of the hybrid cryptosystem in XData ransomware and the flaws found in the QNAPCrypt key generation algorithm. Furthermore, we will delve into recent ransomware strains, exposing cryptographic flaws that undermine their effectiveness. Ultimately, we will question whether we can trust these ransomware creators to implement robust cryptography when even we often hesitate to do so ourselves.

Nicole Fishbein is a security researcher and malware analyst at Intezer who served as an embedded researcher in the Israel Defense Forces (IDF) Intelligence Corps. Nicole has been part of research that discovered phishing campaigns, undetected malware, and attacks on Linux-based cloud environments.