Next Generation Cryptographic Ransomware

[en] We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning on how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)

Disciplines :

Computer science

Author, co-author :

Genç, Ziya Alper ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Lenzini, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Ryan, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

Next Generation Cryptographic Ransomware

Publication date :

2018

Event name :

23rd Nordic Conference on Secure IT Systems (NordSec 2018)

Event organizer :

University of Oslo

Event place :

Oslo, Norway

Event date :

from 28-11-2018 to 30-11-2018

Audience :

International

Main work title :

Proceedings of the Secure IT Systems

Publisher :

Springer International Publishing, Cham, Switzerland

ISBN/EAN :

978-3-030-03637-9

Pages :

385-401

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://link.springer.com/chapter/10.1007/978-3-030-03638-6_24

Available on ORBilu :

since 02 December 2018

Statistics

Number of views

216 (13 by Unilu)

Number of downloads

693 (8 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Barkly: 2017 Ransomware Report. Technical report. Barkly (2017)
Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347. ACM, New York (2016)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
Darwin, I.: Fine Free File Command (2010). http://www.darwinsys.com/file/
Deibert, R., Crete-Nishihata, M.: Blurred boundaries: probing the ethics of cyberspace research. Rev. Policy Res. 28(5), 531–537 (2011)
Directorate-General for Research and Innovation: Ethics for Researchers Facilitating Research Excellence in FP7. Technical report. European Commission, July 2013
Douceur, J.R., Adya, A., Bolosky, W.J., Simon, D., Theimer, M.: Reclaiming space from duplicate files in a serverless distributed file system. In: Proceedings of the 22nd International Conference on Distributed Computing Systems, pp. 617–624. IEEE, Washington, DC (2002)
Eastlake D.: Publicly Verifiable Nominations Committee (NomCom) Random Selection. RFC 3797, June 2004. https://tools.ietf.org/pdf/rfc3797.pdf
Fisher, R.A., Yates, F.: Statistical Tables for Biological, Agricultural and Medical Research. Oliver and Boyd, Oxford (1938)
Binetti, G., Davoudi, A., Naso, D., Turchiano, B., Lewis, F.L.: A distributed auction-based algorithm for the nonconvex economic dispatch problem. IEEE Trans. Ind. Inf. 10(2), 1124–1132 (2014)
Herrera-Flanigan, J.R., Ghosh, S.: Criminal regulations. In: Ghosh, S., Turrini, E. (eds.) Cybercrimes: A Multidisciplinary Analysis, pp. 265–308. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-13547-7 16
Hirschberg, B., Kravchik, M., Haenel, A., Solow, H.: Ransomware Key Extractor and Recovery System, April 2016. https://patentscope.wipo.int/search/en/detail. jsf?docId=US215058675
Kaspersky: KSN Report-Ransomware in 2014–2016. Technical report. Kaspersky (2016)
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium, pp. 757–772. USENIX Association, Austin (2016)
Binetti, G., Davoudi, A., Naso, D., Turchiano, B., Lewis, F.L.: A distributed auction-based algorithm for the nonconvex economic dispatch problem. IEEE Trans. Ind. Inf. 10(2), 1124–1132 (2014)
Kim, H., Yoo, D., Kang, J.S., Yeom, Y.: Dynamic ransomware protection using deterministic random bit generator. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 64–68, November 2017
Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599–611. ACM, New York (2017)
Lee, K., Oh, I., Yim, K.: Ransomware-prevention technique using key backup. In: Jung, J.J., Kim, P. (eds.) BDTA 2016. LNICST, vol. 194, pp. 105–114. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58967-1 12
Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press Inc., Boca Raton (1996)
Palisse, A., Durand, A., Le Bouder, H., Le Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70290-2 12
Palisse, A., Le Bouder, H., Lanet, J.-L., Le Guernic, C., Legay, A.: Ransomware and the legacy crypto API. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 11–28. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54876-0 2
Rogaway, P.: The Moral Character of Cryptographic Work. Cryptology ePrint Archive, Report 2015/1162 (2015). https://eprint.iacr.org/2015/1162
Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207–226. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2 15
Roussev, V., Quates, C.: The sdhash tutorial (2013). http://roussev.net/sdhash/tutorial/03-quick.html
Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: CryptoLock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312, June 2016
Stark, P.B.: Pseudo-Random Number Generator using SHA-256. https://www. stat.berkeley.edu/∼stark/Java/Html/sha256Rand.htm
Morgan, S.: 2017 Cybercrimes Report. Technical report. Cybersecurity Ventures (2017)
Sullins, J.P.: A case study in malware research ethics education: when teaching bad is good. In: Proceedings of IEEE Security & Privacy, San Jose, CA, USA, 17–18 May 2014. IEEE computer society (2014)
Symantec Corporation: Internet Security Threat Report. Technical report, April 2018
Touchette, F.: The evolution of malware. Netw. Secur. 2016(1), 11–14 (2016)