A review on spreading and Forensics Analysis of Windows-Based ransomware

Authors: Narendrakumar Mangilal Chayal, Ankur Saxena, Rijwan Khan

Published in: Annals of Data Science, Issue 5/2024 (publication date 08-06-2022)

Abstract

Ransomware is one of the most advanced forms of malware: once it infects a system it consumes substantial computing resources and services to encrypt the system's data, causing large financial and data losses to organisations and individuals. A number of automatic ransomware detection and analysis strategies are available today. File-system analysis reveals essential patterns and artifacts that help malware forensics experts understand ransomware behaviour, its spreading mechanism and its taxonomy. The current trend is Ransomware as a Service (RaaS) and Malware as a Service (MaaS) offered on the darknet. This paper presents a digital forensic methodology for identifying the spreading/infection mechanism and attack path, the cryptographic scheme used, the Windows services, processes and APIs involved, the persistence mechanism, the system-lockdown strategy, and the malware analysis methodology. The review is intended to help threat researchers, students and cyber-security practitioners learn and understand malware forensic analysis.
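The file-system artifact analysis the abstract refers to, worked through as an added example that is not part of the paper: a small offline triage over a Windows file-system timeline that looks for three artifacts a ransomware run leaves behind (a burst of writes to one new, unusual extension; the same plain-text ransom note dropped into many directories; file contents whose entropy is close to 8 bits/byte). The thresholds (`ENTROPY_THRESHOLD`, `BURST_MIN_FILES`, `BURST_WINDOW_SEC`, `NOTE_MIN_DIRS`), the `FileRecord` layout and the sample timeline built by `build_sample_records()` are all assumptions chosen for illustration, not data from the paper.

```python
"""Added example (not from the paper): offline triage of a Windows file-system
timeline for ransomware artifacts (extension burst, replicated ransom note,
high-entropy content).  Thresholds, paths and sample data are assumptions."""
import hashlib
import math
import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class FileRecord:
    path: str      # Windows path as it appears in the timeline
    data: bytes    # captured content (or first block) of the file
    mtime: float   # modification time in seconds

KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".png", ".exe", ".dll"}
ENTROPY_THRESHOLD = 7.5   # assumed: above this many bits/byte content looks encrypted
BURST_MIN_FILES = 5       # assumed: this many writes to one new extension ...
BURST_WINDOW_SEC = 120.0  # ... inside this window is an encryption burst
NOTE_MIN_DIRS = 3         # assumed: same text file in this many dirs is a ransom note

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def find_extension_bursts(records: List[FileRecord]) -> List[str]:
    """Extensions outside KNOWN_EXTENSIONS written >= BURST_MIN_FILES times
    inside a BURST_WINDOW_SEC sliding window (bulk encrypt-and-rename)."""
    by_ext: Dict[str, List[float]] = defaultdict(list)
    for r in records:
        ext = ntpath.splitext(r.path)[1].lower()
        if ext and ext not in KNOWN_EXTENSIONS:
            by_ext[ext].append(r.mtime)
    flagged = []
    for ext, times in by_ext.items():
        times.sort()
        for i in range(len(times) - BURST_MIN_FILES + 1):
            if times[i + BURST_MIN_FILES - 1] - times[i] <= BURST_WINDOW_SEC:
                flagged.append(ext)
                break
    return sorted(flagged)

def find_ransom_notes(records: List[FileRecord]) -> List[str]:
    """Plain-text (entropy < 6) basenames seen in >= NOTE_MIN_DIRS directories."""
    dirs: Dict[str, set] = defaultdict(set)
    sample: Dict[str, FileRecord] = {}
    for r in records:
        d, _, name = r.path.rpartition("\\")
        dirs[name.lower()].add(d.lower())
        sample.setdefault(name.lower(), r)
    return sorted(sample[k].path.rpartition("\\")[2] for k, ds in dirs.items()
                  if len(ds) >= NOTE_MIN_DIRS and shannon_entropy(sample[k].data) < 6.0)

def find_high_entropy_files(records: List[FileRecord]) -> List[str]:
    """Paths above ENTROPY_THRESHOLD; weak alone (packed binaries score high too)."""
    return sorted(r.path for r in records if shannon_entropy(r.data) > ENTROPY_THRESHOLD)

def triage(records: List[FileRecord]) -> Dict[str, object]:
    """Combine the three indicators into a verdict plus supporting evidence."""
    bursts = find_extension_bursts(records)
    notes = find_ransom_notes(records)
    high = find_high_entropy_files(records)
    encrypted_in_burst = [p for p in high if ntpath.splitext(p)[1].lower() in set(bursts)]
    suspected = bool(bursts) and (bool(notes) or len(encrypted_in_burst) >= BURST_MIN_FILES)
    return {"burst_extensions": bursts, "ransom_notes": notes,
            "high_entropy_files": high, "ransomware_suspected": suspected}

def _pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic high-entropy stand-in for an encrypted file (SHA-256 counter mode)."""
    out = bytearray()
    for counter in range((size + 31) // 32):
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
    return bytes(out[:size])

def build_sample_records() -> List[FileRecord]:
    """Constructed timeline: six files renamed to .locked within 25 s, one note
    in four directories, one untouched user file and one packed binary."""
    t0 = 1_700_000_000.0
    note = (b"All your files have been encrypted.\r\n"
            b"To recover them, contact the address in this note.\r\n") * 8
    user_dirs = [r"C:\Users\alice\Documents", r"C:\Users\alice\Desktop",
                 r"C:\Users\alice\Pictures", r"C:\Shares\Finance"]
    records = [FileRecord(user_dirs[i % 4] + f"\\file{i}.docx.locked",
                          _pseudo_ciphertext(f"file{i}"), t0 + 5 * i) for i in range(6)]
    records += [FileRecord(d + "\\README_DECRYPT.txt", note, t0 + 40 + i)
                for i, d in enumerate(user_dirs)]
    records.append(FileRecord(r"C:\Users\alice\Documents\notes.txt",
                              b"meeting at 10, bring the Q3 report\r\n" * 20, t0 - 86_400))
    records.append(FileRecord(r"C:\Windows\Temp\svc.exe",
                              _pseudo_ciphertext("packed-binary"), t0 - 600))
    return records

if __name__ == "__main__":
    for key, value in triage(build_sample_records()).items():
        print(f"{key}: {value}")
```

Running the module prints the evidence for the constructed timeline: the `.locked` burst, the replicated `README_DECRYPT.txt`, and seven high-entropy paths, one of which (`svc.exe`) is a packed binary rather than ciphertext. That last point is why `triage()` never raises the verdict on entropy alone: it needs the burst plus either a note or enough encrypted files carrying the burst extension.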


Metadata
Title: A review on spreading and Forensics Analysis of Windows-Based ransomware
Authors: Narendrakumar Mangilal Chayal, Ankur Saxena, Rijwan Khan
Publication date: 08-06-2022
Publisher: Springer Berlin Heidelberg
Published in: Annals of Data Science / Issue 5/2024
Print ISSN: 2198-5804
Electronic ISSN: 2198-5812
DOI: https://doi.org/10.1007/s40745-022-00417-5
