Case Study of Ransomware Malware Hiding Using Obfuscation Methods

Hurtuk, Ján; Chovanec, Martin; Kicina, Michal; Billik, Roman

doi:10.1109/iceta.2018.8572218

Cited by 6 publications

(1 citation statement)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yfuksel, den Hartog, and Etalle [41] described a protocol-aware anomaly detection framework that aims to monitor a network from embedded malware access by scanning a network for SBM and Microsoft Remote Procedure Call (RPC) messages. The work presented in [42] studies the whole life cycle of Ransomware creation, design, and implementation using Dynamic Data Exchange (DDE) in Python scripting language and REST APIs in PHP, with the back-end being a MySQL database. Their study aimed to prove that even though many security measures and several top-quality antivirus programs are currently in use, ransomware authors continue to develop and write dangerous malicious codes that can be distributed easily through connected devices.…”

Section: Ransomware Detectionmentioning

confidence: 99%

Ransomware-Resilient Self-Healing XML Documents

et al. 2022

View full text Add to dashboard Cite

In recent years, various platforms have witnessed an unprecedented increase in the number of ransomware attacks targeting hospitals, governments, enterprises, and end-users. The purpose of this is to maliciously encrypt documents and files on infected machines, depriving victims of access to their data, whereupon attackers would seek some sort of a ransom in return for restoring access to the legitimate owners; hence the name. This cybersecurity threat would inherently cause substantial financial losses and time wastage for affected organizations and users. A great deal of research has taken place across academia and around the industry to combat this threat and mitigate its danger. These ongoing endeavors have resulted in several detection and prevention schemas. Nonetheless, these approaches do not cover all possible risks of losing data. In this paper, we address this facet and provide an efficient solution that would ensure an efficient recovery of XML documents from ransomware attacks. This paper proposes a self-healing version-aware ransomware recovery (SH-VARR) framework for XML documents. The proposed framework is based on the novel idea of using the link concept to maintain file versions in a distributed manner while applying access-control mechanisms to protect these versions from being encrypted or deleted. The proposed SH-VARR framework is experimentally evaluated in terms of storage overhead, time requirement, CPU utilization, and memory usage. Results show that the snapshot size increases proportionately with the original size; the time required is less than 120 ms for files that are less than 1 MB in size; and the highest CPU utilization occurs when using the bzip2. Moreover, when the zip and gzip are used, the memory usage is almost fixed (around 6.8 KBs). In contrast, it increases to around 28 KBs when the bzip2 is used.

show abstract

Section: Ransomware Detectionmentioning

confidence: 99%

Ransomware-Resilient Self-Healing XML Documents

et al. 2022

View full text Add to dashboard Cite

show abstract

Malicious uses of blockchains by malware: from the analysis to Smart-Zephyrus

Gimenez-Aguilar

Fuentes

González-Manzano

2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The permanent availability and relative obscurity of blockchains is the perfect ground for using them for malicious purposes. However, the use of blockchains by malwares has not been characterized yet. This paper analyses the current state of the art in this area. One of the lessons learned is that covert communications for malware have received little attention. To foster further defence-oriented research, a novel mechanism (dubbed Smart-Zephyrus) is built leveraging smart contracts written in Solidity. Our results show that it is possible to hide 4 Kb of secret in 41 s. While being expensive (around USD 1.82 per bit), the provided stealthiness might be worth the price for attackers.

show abstract