Title: CryptoLocker demystified: a study in ransomware analysis techniques
Authors: Riya Rajendran Nair; Parth Lakhalani; Heena Sirajudddin Karbhari; Kiranbhai R. Dodiya
Addresses: Department of Biochemistry and Forensic Science, Gujarat University, Ahmedabad, Gujarat, India; Cyber Security Officer, Mediaire GmbH, Möckernstraße 63, 10965 Berlin, Germany; Techdefence Labs Solutions Ltd., Vastrapur, Ahmedabad, Gujarat, 380015, India; Department of Biochemistry and Forensic Science, Gujarat University, Ahmedabad, Gujarat, India
Abstract: Ransomware is a class of malware that encrypts a victim's data and demands payment for its return; some families also propagate on their own across a network. It is among the most damaging cyber threats to have emerged in recent years, and such attacks have become steadily more frequent. Technical investigation of these malicious programs is vital, as is determining the source of an attack where possible. Although recovering affected files is often infeasible because of the strong encryption applied to them, establishing the origin of a ransomware attack has become essential for criminal prosecution. In this work, we used a virtual machine running Windows 10 to analyse the CryptoLocker ransomware sample in a safe environment. Our combined analysis found several noteworthy similarities between the different code components. Using various open-source tools and software, our goal is to combine statically extracted features with dynamic analysis of the malware's behaviour to produce a comprehensive report on the sample's properties and its capacity to infect any system with a weak defence mechanism.
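As an added illustration of the "statically extracted features" the abstract refers to (example code written for this page, not the authors' tooling), the following Python script computes the features an analyst typically pulls from a sample before executing it: a SHA-256 for threat-intelligence lookup, a PE header sanity check, printable strings, and a per-chunk entropy profile that flags packed or encrypted regions. The sample bytes are constructed inline, the function names are hypothetical, and nothing here is derived from a real CryptoLocker binary; the CryptoAPI names and URL in the constructed sample are illustrative only.

```python
"""Static triage of a suspected ransomware binary: hash, PE sanity check,
printable strings and a per-chunk entropy profile.  Added example; not code
from the paper.  Helper names are hypothetical; the sample is constructed."""
import hashlib
import math
import re
import struct

# Constructed stand-in for a sample: a minimal MZ/PE header, a few strings of
# the kind an analyst looks for (CryptoAPI imports, a C2-looking URL) and a
# high-entropy tail that mimics packed or encrypted code.  This is NOT a real
# CryptoLocker sample; the API names and the URL are illustrative only.
_STRING_BLOCK = (
    b"kernel32.dll\x00CryptEncrypt\x00CryptAcquireContextW\x00"
    b"http://example.invalid/gate.php\x00"
)
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew at 0x3C -> 0x80
    + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00"
    + _STRING_BLOCK
    + bytes(range(256)) * 4  # every byte value equally likely: maximal entropy
)

HIGH_ENTROPY = 7.0  # bits/byte; above this a region is likely packed/encrypted


def sha256_hex(data: bytes) -> str:
    """Content hash used to correlate the sample with public threat intel."""
    return hashlib.sha256(data).hexdigest()


def is_pe(data: bytes) -> bool:
    """True if data carries an MZ stub whose e_lfanew points at a PE signature."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 maximum)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entropy_profile(data: bytes, chunk: int = 256) -> list[tuple[int, float]]:
    """(offset, entropy) per fixed-size chunk; packed or encrypted payloads
    stand out as runs of near-8.0 values."""
    return [(off, shannon_entropy(data[off:off + chunk]))
            for off in range(0, len(data), chunk)]


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Printable ASCII runs; imports, URLs and mutex names usually show up here."""
    return [m.decode("ascii")
            for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(data: bytes) -> dict:
    """Aggregate the static features into one report dictionary."""
    profile = entropy_profile(data)
    return {
        "sha256": sha256_hex(data),
        "is_pe": is_pe(data),
        "size": len(data),
        "overall_entropy": round(shannon_entropy(data), 3),
        "high_entropy_chunks": [off for off, e in profile if e > HIGH_ENTROPY],
        "strings": extract_strings(data),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the header chunk scores low while every chunk inside the synthetic tail scores above the 7.0 threshold; on a real packed sample the same profile locates the region to unpack before dynamic analysis. The strings pass also picks up the printable run `0x20..0x7e` inside the tail, a reminder that high-entropy data produces string noise and that hits should be checked against the import table rather than trusted blindly.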
Keywords: ransomware; CryptoLocker; technical analysis; encryption; malware behaviour.
International Journal of Security and Networks, 2025 Vol.20 No.2, pp.59 - 66
Received: 04 Feb 2025
Accepted: 12 Mar 2025
Published online: 16 Jun 2025