nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Next Generation Cryptographic Ransomware

verfasst von : Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan

Erschienen in: Secure IT Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We are assisting at an evolution in the ecosystem of cryptoware —the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning on how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Evaluation of Cybersecurity Management Controls and Metrics of Critical Infrastructures: A Literature Review Considering the NIST Cybersecurity Framework

Nächstes Kapitel Hardware-Assisted Program Execution Integrity: HAPEI

Barkly, Must-Know Ransomware Statistics 2018, https://blog.barkly.com/ransomware-statistics-2018.

For this reason, some does not even consider them be ransomware; they are however cryptoware, and therefore in the scope of this paper’s research.

This work focuses on the cryptographic aspects of ransomware. Other malicious operations, e.g., spreading over network, are out of the scope of this paper.

Actually, ransomware might try to inject malicious code into other processes. In this case, memory of the encrypting process is dumped.

VirtualBox, https://www.virtualbox.org/.

Compiled from source available at: https://github.com/BUseclab/paybreak.

Downloaded from http://people.rennes.inria.fr/Aurelien.Palisse/DaD.html.

This paper analyzes the academic paper version of CryptoDrop [25]. The software available at https://www.cryptodrop.org/ is a proprietary & commercial product, and its source code is not available. It may include undocumented measures other than the ones in the academic paper, therefore, we could not inspect the code nor analyze the actual implementation in this study.

ENT: A Pseudorandom Number Sequence Test Program, http://www.fourmilab.ch/random/.

For more information, please visit https://wwwen.uni.lu/research/chercheurs_recherche/standards_policies.

Available at https://www.acm.org/code-of-ethics.

Barkly: 2017 Ransomware Report. Technical report. Barkly (2017)

Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347. ACM, New York (2016)

Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4CrossRefMATH

Darwin, I.: Fine Free File Command (2010). http://www.darwinsys.com/file/

Deibert, R., Crete-Nishihata, M.: Blurred boundaries: probing the ethics of cyberspace research. Rev. Policy Res. 28(5), 531–537 (2011)CrossRef

Directorate-General for Research and Innovation: Ethics for Researchers Facilitating Research Excellence in FP7. Technical report. European Commission, July 2013

Douceur, J.R., Adya, A., Bolosky, W.J., Simon, D., Theimer, M.: Reclaiming space from duplicate files in a serverless distributed file system. In: Proceedings of the 22nd International Conference on Distributed Computing Systems, pp. 617–624. IEEE, Washington, DC (2002)

Eastlake 3rd, D.: Publicly Verifiable Nominations Committee (NomCom) Random Selection. RFC 3797, June 2004. https://tools.ietf.org/pdf/rfc3797.pdf

Fisher, R.A., Yates, F.: Statistical Tables for Biological, Agricultural and Medical Research. Oliver and Boyd, Oxford (1938)MATH

10.

Genç, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234–255. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93411-2_11CrossRef

11.

Herrera-Flanigan, J.R., Ghosh, S.: Criminal regulations. In: Ghosh, S., Turrini, E. (eds.) Cybercrimes: A Multidisciplinary Analysis, pp. 265–308. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-13547-7_16CrossRef

12.

Hirschberg, B., Kravchik, M., Haenel, A., Solow, H.: Ransomware Key Extractor and Recovery System, April 2016. https://patentscope.wipo.int/search/en/detail.jsf?docId=US215058675

13.

Kaspersky: KSN Report - Ransomware in 2014–2016. Technical report. Kaspersky (2016)

14.

Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium, pp. 757–772. USENIX Association, Austin (2016)

15.

Kharraz, A., Kirda, E.: Redemption real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98–119. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_5CrossRef

16.

Kim, H., Yoo, D., Kang, J.S., Yeom, Y.: Dynamic ransomware protection using deterministic random bit generator. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 64–68, November 2017

17.

Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599–611. ACM, New York (2017)

18.

Lee, K., Oh, I., Yim, K.: Ransomware-prevention technique using key backup. In: Jung, J.J., Kim, P. (eds.) BDTA 2016. LNICST, vol. 194, pp. 105–114. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58967-1_12CrossRef

19.

Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press Inc., Boca Raton (1996)CrossRef

20.

Palisse, A., Durand, A., Le Bouder, H., Le Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70290-2_12CrossRef

21.

Palisse, A., Le Bouder, H., Lanet, J.-L., Le Guernic, C., Legay, A.: Ransomware and the legacy crypto API. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 11–28. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54876-0_2CrossRef

22.

Rogaway, P.: The Moral Character of Cryptographic Work. Cryptology ePrint Archive, Report 2015/1162 (2015). https://eprint.iacr.org/2015/1162

23.

Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207–226. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2_15CrossRef

24.

Roussev, V., Quates, C.: The sdhash tutorial (2013). http://roussev.net/sdhash/tutorial/03-quick.html

25.

Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: CryptoLock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312, June 2016

26.

Stark, P.B.: Pseudo-Random Number Generator using SHA-256. https://www.stat.berkeley.edu/~stark/Java/Html/sha256Rand.htm

27.

Morgan, S.: 2017 Cybercrimes Report. Technical report. Cybersecurity Ventures (2017)

28.

Sullins, J.P.: A case study in malware research ethics education: when teaching bad is good. In: Proceedings of IEEE Security & Privacy, San Jose, CA, USA, 17–18 May 2014. IEEE computer society (2014)

29.

Symantec Corporation: Internet Security Threat Report. Technical report, April 2018

30.

Touchette, F.: The evolution of malware. Netw. Secur. 2016(1), 11–14 (2016)CrossRef

Titel: Next Generation Cryptographic Ransomware
verfasst von: Ziya Alper Genç
Gabriele Lenzini
Peter Y. A. Ryan
Verlag: Springer International Publishing
Buch: Secure IT Systems
Print ISBN: 978-3-030-03637-9

Electronic ISBN: 978-3-030-03638-6

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-03638-6_24

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"