Intezer

Ryan Robinson

Cryptovirology: Second Guessing The Cryptographic Underpinnings of Modern Ransomware

Ransomware has permeated our everyday lives to the point of becoming a household term, featured prominently in news headlines, and even entwined with international politics. However, it is crucial not to overlook the technical intricacies that make ransomware both intriguing and highly effective—the cryptographic foundations that enable attackers to seize files and hold them hostage until a ransom is paid. Surprisingly, implementing cryptography effectively remains a challenging task. In this talk, we will delve into the nitty-gritty details of the cryptographic implementations utilized in modern ransomware and shed light on their inherent flaws.

Through engaging visualizations and occasional explanations in ELI5 terms, we will keep you awake through the math for long enough to discuss the strengths, weaknesses, and, most importantly, the inevitable failures of these implementations. Our focus will center on the use of a hybrid cryptosystem in XData ransomware and the flaws found in the QNAPCrypt key generation algorithm. Furthermore, we will delve into recent ransomware strains, exposing cryptographic flaws that undermine their effectiveness. Ultimately, we will question whether we can trust these ransomware creators to implement robust cryptography when even we often hesitate to do so ourselves.

Ryan Robinson is a security researcher for Intezer. He specializes in malware reverse engineering and cyber threat intelligence. Ryan has spent years working on both sides of the security vendor line, working to secure systems from the cloud down to laptops and mobile devices. In previous roles, Ryan has worked as a Security Engineer securing cloud applications and as an analyst in Anomali’s Threat Research team.