2020 | OriginalPaper | Book chapter

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Authors: Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan

Published in: Emerging Technologies for Authorization and Authentication

Publisher: Springer International Publishing


Abstract

Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ in the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, effective, and efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with fewer false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level.

Footnotes

1. VirusTotal Threat Intelligence, https://virustotal.com.
2. Cuckoo Sandbox – Automated Malware Analysis, https://cuckoosandbox.org/.

Metadata
Title
NoCry: No More Secure Encryption Keys for Cryptographic Ransomware
Authors
Ziya Alper Genç
Gabriele Lenzini
Peter Y. A. Ryan
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-39749-4_5
