Attacking Key Management in Ransomware
IT Professional ( IF 2.2 ) Pub Date : 2020-03-01 , DOI: 10.1109/mitp.2020.2977285
Pranshu Bajpai 1 , Richard Enbody 1

Ransomware has seen steady growth over the years, with several concerning trends that indicate efficient, targeted attacks against organizations and individuals alike. These opportunistic attackers indiscriminately target both public and private sector entities to maximize gain. In this article, we highlight the criticality of key management in ransomware's cryptosystem in order to facilitate building effective solutions against this threat. We introduce the ransomware kill chain to elucidate the path our adversaries must take to attain their malicious objective. We examine current solutions presented against ransomware in light of this kill chain and specify which constraints on ransomware are being violated by the existing solutions. Finally, we present the notion of memory attacks against ransomware's key management and present our initial experiments with dynamically extracting decryption keys from real-world ransomware. Results of our preliminary research are promising and the extracted keys were successfully deployed in subsequent data decryption.

Updated: 2020-03-01