This document outlines Mark Mager's presentation on cryptanalysis of ransomware. The presentation covers the typical execution flow of ransomware, including key generation, file encryption, and leaving ransom notes. It then discusses the cryptanalysis workflow of performing dynamic and reverse engineering analysis. Specific ransomware examples are walked through, including Powerware, Nemucod, TorrentLocker, and Apocalypse. Common issues seen in ransomware crypto implementations are highlighted. The document concludes that cryptanalysis is an iterative process of testing theories and developing proofs of concept to decrypt files.