Analysis of Encryption Key Generation in Modern Crypto Ransomware

The scale of ransomware attacks increases every year, and so does its cost, which has reached billions of dollars. A specific class of ransomware, called crypto ransomware, encrypts data of the victims for monetary gain. The encryption models adopted in crypto-ransomware can be very diverse, but, regardless, one of the critical aspects of the encryption process is the method used to generate the encryption key. The analysis of such a method can provide valuable information for understanding ransomware's innermost details and features, critical for building defenses. In this paper, we analyze the encryption model and the encryption key generation process of ransomware samples from different families. We discuss the analysis methods and tools we used and the challenges in the analysis of ransomware code. Finally, we present the results of our study and discuss algorithms and functions used in modern crypto-ransomware.