Ransomware Attack || how it works
### Flowchart of a Ransomware Attack
**1. Initial Infection:**
- The victim unknowingly downloads or opens the malware (via phishing emails, malicious websites, trojanised downloads, etc.).
**2. Execution of Malware:**
- The malware is executed on the victim's system, normally with the privileges of the logged-in user.
**3. Connection to Command and Control (C2) Server:**
- The malware contacts the attacker's C2 server to establish communication. Not every family needs this step: some ship the attacker's public key inside the binary and can encrypt without ever reaching C2, so blocking outbound traffic alone does not stop them.
**4. Key Exchange:**
- The ransomware receives the attacker's public encryption key from the C2 server (or reads it from its own binary). It never receives the private key.
**5. Data Encryption:**
- The ransomware encrypts files on the victim's system. Because asymmetric encryption is far too slow for bulk data, this is almost always hybrid: each file is encrypted with a fresh symmetric key, and only that symmetric key is encrypted with the attacker's public key and stored alongside the file. The effect is the same as encrypting directly with the public key: nothing on the victim's machine can recover the files without the attacker's private key.
**6. Display Ransom Note:**
- A ransom note is displayed, demanding payment in exchange for the decryption key.
**7. Victim Payment:**
- The victim may pay the ransom (usually in cryptocurrency).
**8. Decryption Key Delivery (Optional):**
- If the attackers keep their word, they provide the decryption key (often inside a decryptor tool) after payment. Nothing forces them to, and paying does not guarantee recovery.
**9. Data Decryption:**
- The victim uses the private decryption key to recover the encrypted data.
### Diagram of Asymmetric Cryptography in Ransomware
The diagram for asymmetric cryptography used in ransomware would show:
1. **Key Generation:**
- The attacker generates a public/private key pair, typically one per campaign or per victim.
2. **Public Key Distribution:**
- The public key is shared with the ransomware (embedded in the binary or delivered from C2) so it can encrypt data. Possession of the public key permits encryption only; it gives no ability to decrypt.
3. **Data Encryption:**
- Files are encrypted on the victim's machine under the public key (in practice, per-file symmetric keys that are themselves encrypted with the public key).
4. **Private Key Secrecy:**
- The private key never leaves the attacker's infrastructure and is withheld from the victim until payment. This is the property that makes the extortion work: no amount of analysis of the malware or the encrypted files on the victim's side yields the private key.
5. **Private Key Decryption (Post Payment):**
- After paying the ransom, the victim receives the private key (or a decryptor containing it) and uses it to decrypt the files.
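The key hierarchy described in the two lists above, as an added example in Go that is not part of the original post: the attacker side generates an RSA key pair, the victim side seals a constructed in-memory sample under a fresh AES-256-GCM key and wraps only that key with the attacker's public key (the hybrid construction real families use, since RSA cannot encrypt bulk data directly), and the decrypt step shows that recovery needs the private key and fails with any other one. The function names (`GenerateAttackerKeys`, `EncryptFile`, `DecryptFile`) and the `EncryptedBlob` layout are assumptions for illustration; the code works only on byte slices in memory and never touches the filesystem.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedBlob is what replaces a victim file: the body sealed under a
// per-file AES key, plus that key wrapped to the attacker's public key.
// Hypothetical layout for this example; real families frame it differently.
type EncryptedBlob struct {
	WrappedKey []byte // 32-byte AES key, RSA-OAEP encrypted with the attacker's public key
	Nonce      []byte // AES-GCM nonce for this file
	Ciphertext []byte // AES-GCM output (ciphertext + tag)
}

// GenerateAttackerKeys is the attacker-side "Key Generation" step. The private
// half stays on attacker infrastructure; only PublicKey is ever shipped.
func GenerateAttackerKeys(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// EncryptFile is the victim-side "Data Encryption" step done the way real
// ransomware does it: a fresh random AES key per file seals the data, and only
// that 32-byte key goes through RSA. The plaintext key is zeroed afterwards;
// leaving it in memory or on disk is the implementation flaw that has let
// free decryptors be built for some families.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedBlob, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	for i := range fileKey {
		fileKey[i] = 0 // the victim's machine keeps no usable copy of the key
	}
	if err != nil {
		return nil, err
	}
	return &EncryptedBlob{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptFile is the "Data Decryption" step and the only way back: unwrapping
// the per-file key needs the RSA private key the victim does not have. With
// any other private key, OAEP's padding check fails before AES is reached.
func DecryptFile(priv *rsa.PrivateKey, blob *EncryptedBlob) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob.Nonce, blob.Ciphertext, nil)
}

func main() {
	attacker, err := GenerateAttackerKeys(2048)
	if err != nil {
		panic(err)
	}
	doc := []byte("Q3 invoices: constructed sample standing in for a victim file")
	blob, err := EncryptFile(&attacker.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	// Any key pair the victim could generate locally is useless against the blob.
	victimKey, _ := GenerateAttackerKeys(2048)
	_, err = DecryptFile(victimKey, blob)
	fmt.Println("decrypt with wrong private key:", err)
	// Only the attacker's private key recovers the document.
	plain, err := DecryptFile(attacker, blob)
	fmt.Println("decrypt with attacker's private key:", err == nil && bytes.Equal(plain, doc))
}
```

The split between `EncryptFile` and `DecryptFile` is the whole business model: everything the victim holds (the binary, the public key, the wrapped keys, the ciphertext) is enough to encrypt but not to decrypt. When analysts do produce free decryptors, it is because a family broke this model, for example by reusing one symmetric key, leaking it to disk, or using a weak random source, not because the asymmetric scheme itself was broken.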
*******
### Flowchart of a Ransomware Attack
```plaintext
+---------------------+
| Initial Infection   |
| Victim downloads    |
| malware (phishing   |
| emails, malicious   |
| websites, etc.)     |
+---------------------+
          |
          v
+---------------------+
| Execution of Malware|
| Malware is executed |
| on the victim's     |
| system              |
+---------------------+
          |
          v
+---------------------+
| Connection to C2    |
| Server              |
| Malware contacts    |
| attacker's C2       |
| server              |
+---------------------+
          |
          v
+---------------------+
| Key Exchange        |
| Malware receives    |
| public encryption   |
| key from attacker's |
| server              |
+---------------------+
          |
          v
+---------------------+
| Data Encryption     |
| Malware uses public |
| key to encrypt      |
| files on victim's   |
| system              |
+---------------------+
          |
          v
+---------------------+
| Display Ransom Note |
| A ransom note is    |
| displayed,          |
| demanding payment   |
| for the decryption  |
| key                 |
+---------------------+
          |
          v
+---------------------+
| Payment by Victim   |
| Victim pays the     |
| ransom (usually in  |
| cryptocurrency)     |
+---------------------+
          |
          v
+---------------------+
| Decryption Key      |
| Delivery (Optional) |
| If attackers are    |
| true to their word, |
| they provide the    |
| decryption key      |
+---------------------+
          |
          v
+---------------------+
| Data Decryption     |
| Victim uses the     |
| private decryption  |
| key to recover      |
| encrypted data      |
+---------------------+
```
### Diagram of Asymmetric Cryptography in Ransomware
```plaintext
+---------------------+
| Key Generation      |
| Public and private  |
| keys are generated  |
| by the attacker     |
+---------------------+
          |
          v
+---------------------+
| Public Key          |
| Distribution        |
| Public key is       |
| shared with the     |
| ransomware malware  |
| to encrypt data     |
+---------------------+
          |
          v
+---------------------+
| Data Encryption     |
| Files are encrypted |
| using the public    |
| key on the victim's |
| machine             |
+---------------------+
          |
          v
+---------------------+
| Private Key         |
| Secrecy             |
| The private key is  |
| kept secret and     |
| withheld until      |
| payment             |
+---------------------+
          |
          v
+---------------------+
| Private Key         |
| Decryption (Post    |
| Payment)            |
| Victim receives the |
| private key after   |
| paying the ransom   |
| and uses it to      |
| decrypt the files   |
+---------------------+
```
These diagrams provide a simplified visual representation of the steps
involved in a ransomware attack and the use of asymmetric cryptography within
such an attack.
#### Flowchart
```
Start
|
v
Initial Infection (Phishing, malicious downloads, etc.)
|
v
Malware Execution on Victim's System
|
v
Connect to C2 Server
|
v
Receive Public Encryption Key
|
v
Encrypt Files with Public Key
|
v
Display Ransom Note
|
v
Wait for Ransom Payment
|
v
If Payment Made? -------> Yes -> Send Private Decryption Key -> Decrypt Data -> End
|
|
v
No
|
v
Keep Files Encrypted
|
v
End
```
#### Asymmetric Cryptography Diagram
```
[Attacker's System]                               [Victim's System]
        |                                                 |
        |-------------- [Public Key Sent] --------------->|
        |                                                 v
        |                                   Encrypt Files with Public Key
        |                                                 |
        |                                                 v
        |                               [Encrypted Files on Victim's System]
        |                                                 |
        |                                                 v
        |                                     [Ransom Note Displayed]
        |                                                 |
        |                                                 v
        |                                         Wait for Payment
        |                                                 |
        |<----------------- [Payment] --------------------|
        |                                                 |
        |-------------- [Private Key Sent] -------------->|
        |                                                 v
        |                                   Decrypt Files with Private Key
```