Encryption has protected the Internet for some time now, and it has come to underpin user trust in an otherwise insecure Internet. However, recent years have seen robust encryption used as a stepping stone for cyber-criminal activity. Ransomware has not left the headlines as it has attacked almost every sector of society through a myriad of infection vectors. Mission-critical data has been held to ransom and victims have had to part with millions of dollars. The advent of the pseudonymous Bitcoin network has made matters worse, since it has been virtually infeasible to trace the perpetrators. In this paper, we perform dynamic analysis of WannaCry ransomware samples based on malware-free infection vectors. Further, we reverse-engineer the ransomware to dissect its code for further analysis. Results show that, despite the use of resilient encryption, the ransomware uses the same attack structure and cryptographic primitives as other families in the wild. Our analysis leads us to the conclusion that this ransomware strain is not as complex as previously reported. This detailed practical analysis aims to raise awareness among the business community of the realities and importance of IT security, while hinting at prevention, recovery and their limitations.
The devastating effects of ransomware have continued to grow over the past two decades, which have seen ransomware shift from opportunistic attacks to carefully orchestrated ones. Individuals and business organizations alike have continued to fall prey to ransomware: victims have been forced to pay cybercriminals up to $1 million in a single attack, while others have incurred losses in the hundreds of millions of dollars. Clearly, ransomware is an emerging cyber threat to enterprise systems that can no longer be ignored. In this paper, we address the evolution of ransomware and the associated paradigm shifts in attack structures, narrowing down to the technical and economic impacts. We formulate an attack model applicable to the cascaded network design structures common in enterprise systems. We model the security state of the ransomware attack process as the transitions of a finite state machine, where state transitions depict breaches of confidentiality, integrity, and availability. We propose a ransomware categorization framework that classifies the virulence of a given ransomware using a proposed classification algorithm based on its data deletion and file encryption attack structures. The categories, which increase in severity from CAT1 to CAT5, classify the technical prowess of the ransomware and the overall effectiveness of the potential ways of retaining the data without paying the ransom demand. We evaluate our modeling approach with a WannaCry attack use case, suggest mitigation strategies, and recommend best practices based on these models.
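The abstract above describes a finite state machine whose transitions mark breaches of confidentiality, integrity and availability, and a CAT1 to CAT5 severity scale driven by how a strain deletes originals and encrypts files. The following Python is an added illustration of that idea, not the paper's model: the state names, the event names, the transition table and the category rule are assumptions chosen for the example, and the rule orders categories by how much of the data a defender could still recover without the key (plaintext still present, then backups, then undelete or carving, then nothing).

```python
"""Toy finite-state model of a ransomware attack process.

Added illustration only: states, events, the transition table and the
CAT1..CAT5 rule are assumptions for this example, not the paper's model.
"""
from dataclasses import dataclass, field
from enum import Enum


class CIA(Enum):
    CONFIDENTIALITY = "C"
    INTEGRITY = "I"
    AVAILABILITY = "A"


# (current_state, event) -> (next_state, property breached or None).
# Reading/staging data breaches C, rewriting files as ciphertext breaches I,
# destroying originals or backups breaches A (hypothetical assignment).
TRANSITIONS = {
    ("clean", "initial_access"): ("foothold", None),
    ("foothold", "lateral_spread"): ("foothold", None),
    ("foothold", "read_files"): ("staged", CIA.CONFIDENTIALITY),
    ("foothold", "encrypt_files"): ("encrypted", CIA.INTEGRITY),
    ("staged", "encrypt_files"): ("encrypted", CIA.INTEGRITY),
    ("encrypted", "delete_originals"): ("encrypted", CIA.AVAILABILITY),
    ("encrypted", "wipe_originals"): ("encrypted", CIA.AVAILABILITY),
    ("encrypted", "delete_backups"): ("encrypted", CIA.AVAILABILITY),
    ("encrypted", "demand_ransom"): ("ransom", None),
}


@dataclass
class AttackTrace:
    state: str = "clean"
    breached: set = field(default_factory=set)   # CIA members seen so far
    events: list = field(default_factory=list)   # accepted events in order


def run_trace(events):
    """Drive the machine over an event sequence; reject impossible orders."""
    trace = AttackTrace()
    for event in events:
        key = (trace.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"no transition from {trace.state!r} on {event!r}")
        next_state, breach = TRANSITIONS[key]
        trace.state = next_state
        trace.events.append(event)
        if breach is not None:
            trace.breached.add(breach)
    return trace


def categorize(trace):
    """Hypothetical CAT1..CAT5 rule keyed on remaining recovery paths."""
    seen = set(trace.events)
    encrypted = "encrypt_files" in seen
    originals_deleted = "delete_originals" in seen   # ordinary delete
    originals_wiped = "wipe_originals" in seen       # overwritten on disk
    backups_gone = "delete_backups" in seen
    if not encrypted:
        return "CAT1"   # data read or UI locked; plaintext untouched
    if not (originals_deleted or originals_wiped):
        return "CAT2"   # ciphertext written beside intact plaintext
    if not backups_gone:
        return "CAT3"   # originals gone, but backups / shadow copies remain
    if not originals_wiped:
        return "CAT4"   # backups gone; unlinked originals may still be carved
    return "CAT5"       # overwritten originals and no backups: key or nothing


if __name__ == "__main__":
    # Constructed event sequence for demonstration (not a captured trace).
    wannacry_like = ["initial_access", "lateral_spread", "encrypt_files",
                     "delete_originals", "delete_backups", "demand_ransom"]
    t = run_trace(wannacry_like)
    print(sorted(p.value for p in t.breached), categorize(t))
```

Running a trace twice, once with and once without the `delete_backups` event, shows why the model treats backup destruction as its own transition: the CIA breach set is the same (integrity and availability) but the category, and hence the defender's recovery options, differ.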