Litcius/Paper detail

PyLocky Ransomware Source Code Analysis

Adam Sorini, Gavin D. Scott

202011 citationsDOI

Abstract

We present an analysis of a recently developed ransomware called “PyLocky.” We first provide an overview of existing tools that may help companies or individuals recover from a “PyLocky.” attack. We also explain the limitations and operating principles of the recovery tools. We next analyze the PyLocky source code, which is now publicly available, and address numerous implementation flaws that may be exploited to speed up a brute force known-plaintext attack on the ransomware's “two-key triple-DES” encryption scheme. The analysis illustrates general flaws in implementing cryptographic protocols that should be avoided by all software developers. Finally, we note a potentially useful cyber forensic attack on PyLocky that could be helpful for recovery efforts.

Topics & Concepts

RansomwareComputer scienceSource codeCode (set theory)Programming languageOperating systemMalwareSet (abstract data type)Advanced Malware Detection TechniquesNetwork Security and Intrusion DetectionInformation and Cyber Security