Hello. I don’t really know how I should send the attacker the encryption key anonymously after a target/client executes a ransomware executable.
Explain:
I need to know how I should send the attacker [you] the encryption key anonymously (so one can’t find out where it came from, nor where it is going to) after the target [them/the victim] executes an file that secretly has ransomeware code within it.
I could simply put the encryption key in a text file, then upload that file to an FTP server, though that would compromise
on a possibility of the target finding the encryption key. Even if I were to delete the file from the target’s machine immediately after it
was uploaded, it’s still possible to monitor the virus and watch all new files.
I could email the encryption key to the attackers email address. I am not sure what security flaws this may uncover other than the client
being able to simply run Wireshark and read all outgoing packet’s; after reverse engineering them, he/she could probably see the outgoing
email address (Excuse me if I am just a bit off on my reasoning).
I would like some feedback on what other options I may have the would be incredibly hard to detect how the encryption key got
to the attacker. Thanks in advance!
