Software security and malware; Ransomware; Anti-ransomware; Cryptographic techniques; Security evaluation and measurement
Abstract:
We are witnessing an evolution in the ecosystem of cryptoware, the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware systems are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines:
Computer science
Author, co-author:
GENÇ, Ziya Alper ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
RYAN, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors:
no
Document language:
English
Title:
Next Generation Cryptographic Ransomware
Publication/release date:
2018
Event name:
23rd Nordic Conference on Secure IT Systems (NordSec 2018)