Can it automatically decrypt any ransomware?

No, it is an analysis tool that identifies whether decryption is possible based on known weaknesses, existing decryptors, or specific implementation errors in the malware.

Do I need special tools to use this skill?

Yes, it is designed to be used alongside reverse engineering tools like Ghidra or IDA Pro and Python libraries such as pycryptodome for verification.

Which encryption algorithms does it support?

It covers common ransomware schemes including AES-CBC, RSA-2048/4096, ChaCha20, Salsa20, and various hybrid encryption methods.

Is it effective against modern ransomware like LockBit?

It helps analyze their schemes; while many use strong encryption, it helps identify if mistakes were made in the key management or if keys can be recovered from memory.

How does this skill help in ransomware recovery?

It provides a systematic workflow to identify the encryption algorithm used and find implementation flaws that might allow for data recovery without a key.

Ransomware Encryption Analysis

Name: Ransomware Encryption Analysis
Author: micsapp

bymicsapp

0•

Security & Testing

Analyzes ransomware cryptographic routines to identify encryption algorithms, evaluate implementation weaknesses, and assess decryption feasibility for data recovery.

This skill provides a structured framework for reverse engineering and evaluating the encryption mechanisms used by various ransomware families. It guides users through identifying cryptographic APIs, analyzing key generation patterns—such as per-file versus static keys—and detecting critical implementation flaws like ECB mode usage or predictable random number seeds. Whether you are performing malware attribution or attempting to develop a custom decryptor, this skill offers specialized workflows for using tools like Ghidra, Python, and memory forensics to recover data safely and effectively.

Key Features

01Detection of implementation flaws including IV reuse and predictable seeds

020 GitHub stars

03Identification of cryptographic algorithms like AES, RSA, and ChaCha20

04Step-by-step feasibility assessment for data recovery operations

05Analysis of key generation, storage, and management patterns

06Memory forensics workflows for extracting encryption key schedules

Use Cases

01Developing custom data recovery tools for malware with flawed encryption logic

02Assessing if a specific ransomware infection can be decrypted using known weaknesses

03Reverse engineering new ransomware samples to identify cryptographic signatures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills analyzing-ransomware-encryption-mechanisms

For use in Claude.ai and ChatGPT

Key Features

01Detection of implementation flaws including IV reuse and predictable seeds

020 GitHub stars

03Identification of cryptographic algorithms like AES, RSA, and ChaCha20

04Step-by-step feasibility assessment for data recovery operations

05Analysis of key generation, storage, and management patterns

06Memory forensics workflows for extracting encryption key schedules

Use Cases

01Developing custom data recovery tools for malware with flawed encryption logic

02Assessing if a specific ransomware infection can be decrypted using known weaknesses

03Reverse engineering new ransomware samples to identify cryptographic signatures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills analyzing-ransomware-encryption-mechanisms

For use in Claude.ai and ChatGPT