Understanding the Evolution of Ransomware: Paradigm Shifts in Attack Structures

@article{Zimba2019UnderstandingTE,
  title={Understanding the Evolution of Ransomware: Paradigm Shifts in Attack Structures},
  author={Aaron Zimba and Mumbi Chishimba},
  journal={International Journal of Computer Network and Information Security},
  year={2019}
}
  • Aaron Zimba, Mumbi Chishimba
  • Published 8 January 2019
  • Computer Science
  • International Journal of Computer Network and Information Security
The devastating effects of ransomware have continued to grow over the past two decades, which have seen ransomware shift from just being opportunistic attacks to carefully orchestrated attacks. […] Key Method: We propose a ransomware categorization framework that classifies the virulence of a given ransomware based on a proposed classification algorithm that is based on data deletion and file encryption attack structures. The categories that increase in severity from CAT1 to CAT5 classify the technical prowess…

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions
TLDR
A comprehensive survey on ransomware and ransomware defense research with respect to PCs/workstations, mobile devices, and IoT/CPS platforms over the period of 1990-2020 is presented, giving a detailed overview of ransomware evolution, and comprehensively analyze the key building blocks of ransomware.
Survey On Ransomware Evolution, Prevention, And Mitigation
TLDR
A brief history of ransomware, the best methods to prevent the infection, how to detect it, and how to recover from this infection is presented.
Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions
TLDR
The anatomy of the malware’s invariant intrusions and infection vectors are illustrated, and the various anti-analysis and evasive techniques that are deployable by Ransomware are analyzed.
On the Effectiveness of Behavior-Based Ransomware Detection
TLDR
A number of techniques to manipulate entropy to match the original file are identified, showing that partial encryption, of as little as 3–5% of a file’s data is sufficient to ransom most file formats.
Game Theoretic Analysis of Ransomware: A Preliminary Study
TLDR
A game-theoretic model is developed to analyze the attack landscape and to determine under what conditions the defender is in a position of advantage to successfully neutralize the attack.
Teaching Cyber Security Topics Effectively in a College or University with Limited Resources
  • C. V. Gonzalez, Gwang Jung
  • Computer Science, Education
    2019 International Conference on Computational Science and Computational Intelligence (CSCI)
  • 2019
TLDR
This paper addresses what resources would be required to develop courses to effectively teach students the cyber security concepts and methods at small colleges or universities with limited resources.
SIMULASI DAN ANALISIS ENCRYPTION BASED RANSOMWARE UNTUK MEMETAKAN EVOLUSI RANSOMWARE [Simulation and Analysis of Encryption-Based Ransomware to Map the Evolution of Ransomware]
ABSTRACT The research in this paper aims to simulate and analyze ransomware in order to map the evolution of that ransomware; the ransomware studied are WannaCry, Petya, NotPetya and

References

SHOWING 1-10 OF 30 REFERENCES
RansomTracer: Exploiting Cyber Deception for Ransomware Tracing
TLDR
An auxiliary ransomware traceable system called RansomTracer, which discovers and ensnares the attacker through a network deception environment and uses an auxiliary tracing technology to find the attacker, finally achieving the goal of deterring the ransomware attacker and countering the RDP attack ransomware.
Evolution of ransomware
TLDR
This study examines the pathway from the first clumsy ransomware attempts to the present day sophisticated ransomware attack campaigns and argues that this low-impact extortion, using highly automated methods, has proven very rewarding for the criminals.
The dynamic analysis of WannaCry ransomware
  • Da-Yu Kao, Shou-Ching Hsiao
  • Computer Science
    2018 20th International Conference on Advanced Communication Technology (ICACT)
  • 2018
TLDR
The dynamic analysis of WannaCry ransomware explores behavioural indicators and extracts important IOCs (Indicators of Compromise) and Yara tool to create customized patterns is useful for malware information sharing mechanism.
Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
TLDR
A long-term study of ransomware attacks that have been observed in the wild between 2006 and 2014 suggests that by looking at I/O requests and protecting Master File Table MFT in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.
Hobby hackers to billion-dollar industry: the evolution of ransomware
A 0-Day Aware Crypto-Ransomware Early Behavioral Detection Framework
TLDR
This paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.
Improving Backup System Evaluations in Information Security Risk Assessments to Combat Ransomware
TLDR
The ransomware process, functional backup architecture paradigms, their ability to address ransomware attacks, and suggestions to improve the guidance in NIST SP-800-30 and information security risk assessments to better address ransomware threats are reviewed.
Towards Data Resilience: The Analytical Case of Crypto Ransomware Data Recovery Techniques
TLDR
The analyses have led to the conclusion that no matter how devastating a crypto ransomware attack might appear, the key to data recovery options lies in the underlying attack structure and the implemented data deletion methodology.
What Petya/NotPetya Ransomware Is and What Its Remidiations Are
TLDR
The Petya attack is the attack that this paper discusses, especially the most recent version of it, which is referred as NotPetya, which explains how it works, and where and how it spreads.