混合加密型勒索软件密文还原方法研究

以混合加密型勒索软件为研究对象，将设置诱饵文件和文件操作监控方法相结合，获取勒索软件文件加密过程中采用的加密密钥、加密算法、密文起始字段和密文长度等相关信息，并提出了被加密文件的还原方法。针对8个流行的勒索软件家族进行密文还原测试，测试结果表明了提出的还原方法的有效性。该密文还原方法适用于混合加密勒索软件密文还原，是现行勒索软件防御策略的有效补充。

Research on File Recovery Method Against Ransomware Using Hybrid Pattern Cryptographic System

In this paper, ransomware using hybrid pattern cryptographic system is taken as the research object. By combining decoy files and file operation monitoring, encryption key, encryption algorithm, the first few bytes of cipher text, the size of cipher text and other details while ransomware encrypting files can be obtained, and this paper proposes a new  file recovery approach. This paper evaluates the file recovery approach against 8 active ransomware families, and the results show that the file recovery approach proposed in this paper is effective. The file recovery approach is suitable for file recovery, which is an effective complement to fill the gap in current strategy of ransomware defense.