Abstract

Recently, the rampant outbreak of the WannaCry ransomware caused great harm to network users. Preventing WannaCry infections and decrypting the files it encrypts pose a big challenge to security practitioners and researchers. In this paper, we first study the detailed encryption and decryption process of WannaCry, and then propose a novel method called dptCry to decrypt and recover the damaged data. dptCry monitors and tracks all the running processes of an operating system, performs API hooking for key operations, and records key information with customized hook functions. When WannaCry infects a system, dptCry can use the recorded key information to decrypt the damaged files. Our experimental results show that dptCry can effectively mitigate the damage that WannaCry causes to users. dptCry can also be applied to other ransomware that uses similar mechanisms.
