1. Please describe the advantage/disadvantage on each step (Step 1 to 8) and explain which steps achieve
creator’s properties.
2. From a ransomware creator’s point of view, how can the entire process be more efficient and secure ?

Transcribed Image Text:

Step LO 5 6 7 8 Cryptolocker on victim's machine AES-256 Decryption If victim pays the ransom: Send the Encrypted AES key(s) to C&C server Decrypt files using the corresponding AES key(s) C&C Server If victim don't pay the ransom: Destroy the Encrypted AES key(s) Server decrypts the AES keys using Sprivate Send AES key back to victim's machine Advantage / Disadvantage ? ? ? ? ?

Transcribed Image Text:

Step 1 2 3 4 Cryptolocker on victim's machine Ransomware was delivered to victim's machine by phishing email or exploiting vulnerabilities. Using the embedded C&C Server Public Key Spublic in Cryptolocker, Establish a secure channel. Encrypt victim's data files using the random generated AES-256 key(s) Encrypt the AES key(s) using Server public key, Spublic and keep the encrypted AES key(s) locally Erase ALL AES key(s) and original files from victim's machine (including memory) C&C Server RSA-2048 secure channel Server keeps the Server private key Sprivate locally AES-256 Encryption Advantage / Disadvantage? ? ? ? ?