An Investigation on Wannacry Ransomware and its Detection

Kumar, M. Satheesh; Ben‐Othman, Jalel; Srinivasagan, K. G.

doi:10.1109/iscc.2018.8538354

Cited by 23 publications

(9 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Spear‐phishing email fraud is specifically designed to get particular information or funds from an individual, organization, or company. Although many of these attacks aim to get confidential data for nefarious reasons, attackers may also want to deploy malware 12 on a targeted user's machine. While the email seems to be from a reputable sender, the receiver is sent to a fake website that contains malicious software instead of the intended recipient's inbox.…”

Section: Resultsmentioning

confidence: 99%

“…Many of the messages within the mail are identical to their actual corresponding object, but obviously, they have a missing domain name or extra subdomains. Most phishing emails are responsible for 94% of ransomware 12 and $132,000 per business email compromise incident. Around 1.5 m new phishing sites are created each month and 76% of businesses reported of being a victim of a phishing attack are implemented by the hackers by sending an email embedded with a malicious URL.When running target applications, users may unwittingly employ injected activities in place of the target apps' activities without realizing they are doing so 13,14 .…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Marimuthu¹,

Gopalasamy²,

Ben‐Othman

2021

Softw Pract Exp

View full text Add to dashboard Cite

In the inevitably hi‐tech universe of cybercrimes, one of the major still prevailing methods is the usage of the malicious URLs and creating a Phishing link to obtain user credentials from the people. This method is highly subtle and has more effect on people's lives as well as corporate loss. To identify the malicious URLs, the security community has listed blacklists and benign links online. Still, as the technology is being developed day by day, the attackers try to create new phishing URLs using new social engineering methods that could be easily forged into the user's account. To improve the generality of malicious URL detectors, machine‐learning techniques have been explored with increasing attention in recent years. This article addresses the detection of malicious URLs combining the intelligence of both the heuristic‐based method and the machine learning process. It has been found that there are many possibilities for detecting zero‐day attacks and spear‐phishing attacks when incorporating both lexical features and machine learning methods. Out of the six‐batch learning process analyzed, we implement a decision tree algorithm in our framework with 99.47% accuracy during evaluation. The true positive values gained in our proposed hybrid framework is 99.2% and indicate <1% of the false‐positive values. The implementation shows a precision level higher than the previous model developed and by other antiphishing techniques. A high detection rate on zero‐day and spear‐phishing attacks and overall results reveal that our system outclasses the current approach to detecting phishing scams.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Marimuthu¹,

Gopalasamy²,

Ben‐Othman

2021

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…Several Advanced Persistent Threats conduct malware campaigns and majorly deliver ransomware. 2 Many sources on the internet predict the damage to cross US $30 billion by end of 2023. Others claim the increase of ransom-based cyber-attacks by 1885% on Governments and by 775% on health-care industry.…”

Section: Introductionmentioning

confidence: 99%

“…This is not only because of a ransom‐ware's high impact but also due to its ability of showing the compromises. Several Advanced Persistent Threats conduct malware campaigns and majorly deliver ransomware 2 . Many sources on the internet predict the damage to cross US $30 billion by end of 2023.…”

Section: Introductionmentioning

confidence: 99%

Understanding impacts of a ransomware on medical and health facilities by utilizing LockBit as a case study

Khan¹

2023

Security and Privacy

View full text Add to dashboard Cite

All forms of data are meant to be secured. The emergence of a variety of techniques and tactics utilized by malware authors has made recovery difficult. LockBit ransomware has been in the news and the APT behind deployment of this ransomware virus has compromised several organizations. It is important to understand the behavior of such malware, to identify the anti‐analysis stuff it performs and to block it. The APT involved compromised several health and medical facilities including AIIMS in India and Sick Kids Hospital in Canada. Ransomwares are highly impactful family of malware. Impacts may begin from confidential medical information being harvested over a C2 and can go up to rendering medical equipment useless. This article discusses compromised entities and defending strategies that can be used to block LockBit ransomware using any generic SIEM tool. It also explains the need for tools that can survive ransomware encryption, a restart command‐line and can detect the behavioral patterns of such malware. Several samples were collected from various sources; the identities of compromise were collected from strings and behavior of those samples. Several detection mechanisms including YARA, SNORT, and generic HUNT rules have also been discussed.

show abstract

“…Vulnerabilities such as the MS17-010 EternalBlue exploit reveal how malware can propagate through corporate and home networks at speed and without user intervention which was a key software component to the propagation of the global WannaCry attack [24]. The arms race of security continues between security analysts and malicious software developers.…”

Section: Introductionmentioning

confidence: 99%

Investigating Malware Propagation and Behaviour Using System and Network Pixel-Based Visualisation

Williams

Legg

2021

SN COMPUT. SCI.

View full text Add to dashboard Cite

Malicious software, known as malware, is a perpetual game of cat and mouse between malicious software developers and security professionals. Recent years have seen many high profile cyber attacks, including the WannaCry and NotPetya ransomware attacks that resulted in major financial damages to many businesses and institutions. Understanding the characteristics of such malware, including how malware can propagate and interact between systems and networks is key for mitigating these threats and containing the infection to avoid further damage. In this study, we present visualisation techniques for understanding the propagation characteristics in dynamic malware analysis. We propose the use of pixel-based visualisations to convey large-scale complex information about network hosts in a scalable and informative manner. We demonstrate our approach using a virtualised network environment, whereby we can deploy malware variants and observe their propagation behaviours. As a novel form of visualising system and network activity data across a complex environment, we can begin to understand visual signatures that can help analysts identify key characteristics of the malicious behaviours, and, therefore, provoke response and mitigation against such attacks.

show abstract

An Investigation on Wannacry Ransomware and its Detection

Cited by 23 publications

References 2 publications

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Intelligent antiphishing framework to detect phishing scam: A hybrid classification approach

Understanding impacts of a ransomware on medical and health facilities by utilizing LockBit as a case study

Investigating Malware Propagation and Behaviour Using System and Network Pixel-Based Visualisation

Contact Info

Product

Resources

About