Demystifying Ransomware Attacks: Reverse Engineering and Dynamic Malware Analysis of WannaCry for Network and Information Security

Zimba, Aaron; Simukonda, Luckson; Chishimba, Mumbi

doi:10.33260/zictjournal.v1i1.19

Cited by 17 publications

(13 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To speed up the reverse engineering process, they further proposed a technique of clone-based analysis. In another study, Zimba et al [30] conducted reverse engineering to decode the ransomware code. Outcome from their study shows that despite robust encryption, the ransomware utilizes the very same attack mechanism and cryptographic abstractions as with other families in the wild.…”

Section: Reverse Engineeringmentioning

confidence: 99%

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Kumar¹,

Alenezi²,

Ansari³

et al. 2020

IJIES

View full text Add to dashboard Cite

Nowadays, most of the cyber-attacks are initiated by extremely malicious programs known as Malware. Malwares are very vigorous and can penetrate the security of information and communication systems. While there are different techniques available for malware analysis, it becomes challenging to select the most effective approach. In this context, the decision-making process may be an efficient means of empirically assessing the impact of different methods for securing the web applications. In this research study, we have used a methodology that includes the integration of Fuzzy AHP and Fuzzy TOPSIS technique for evaluating the impact of different malware analysis techniques in web application perspective. This study uses different versions of a university’s web application for evaluating the impact of several existing malware analysis techniques. The findings of the study show that the Reverse Engineering approach is the most efficient technique for analyzing complex malware. The outcome of this study would definitely aid the future researchers and developers in selecting the appropriate techniques for scanning the web application code and enhancing the security.

show abstract

Section: Reverse Engineeringmentioning

confidence: 99%

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Kumar¹,

Alenezi²,

Ansari³

et al. 2020

IJIES

View full text Add to dashboard Cite

show abstract

“…The main gap in the literature is that there is little research focused on performing network-based analysis or detection of crypto ransomware [21] to extract potential behavioral features that can help to detect the attack before unleashing its payload. Conversely, research such as [22]- [26] only deal with extracting host-based features to detect the ransomware. In this paper, a thorough dynamic analysis of network traffic is carried out using Wireshark, and 18 network features from several protocols are extracted.…”

Section: Related Workmentioning

confidence: 99%

A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware

et al. 2019

View full text Add to dashboard Cite

Ransomware is a type of advanced malware that has spread rapidly in recent years, causing significant financial losses for a wide range of victims, including organizations, healthcare facilities, and individuals. Modern host-based detection methods require the host to be infected first in order to identify anomalies and detect the malware. By the time of infection, it can be too late as some of the system's assets would have been already exfiltrated or encrypted by the malware. Conversely, the network-based methods can be effective in detecting ransomware attacks, as most ransomware families try to connect to command and control servers before their harmful payloads are executed. Therefore, a careful analysis of ransomware network traffic can be one of the key means for early detection. This paper demonstrates a comprehensive behavioral analysis of crypto ransomware network activities, taking Locky, one of the most serious families, as a case study. A dedicated testbed was built, and a set of valuable and informative network features were extracted and classified into multiple types. A network-based intrusion detection system was implemented, employing two independent classifiers working in parallel on different levels: packet and flow levels. The experimental evaluation of the proposed detection system demonstrates that it offers high detection accuracy, low false positive rate, valid extracted features, and is highly effective in tracking ransomware network activities.

show abstract

“…In the field of Internet, the recent frequent extortion of ransomware, such as Wannacry, Petya, Scarab, etc., has caused great losses to individuals and enterprises [25][26][27]. For rumor spreading, ordinary users often receive opinions from opinion leaders and people they are familiar with; it is a challenging problem to evaluate the influence of different information spreading ways on user adoption.…”

Section: Dynamics On Complexmentioning

confidence: 99%

Dynamics on Hybrid Complex Network: Botnet Modeling and Analysis of Medical IoT

Yin

Chen

Wang

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

With the rapid development of Internet of things technology, the application of intelligent devices in the medical industry has become ubiquitous. Connected devices have revolutionized clinicians and patient care but also made modern hospitals vulnerable to cyber attacks. Among the security risks, botnets are of particular concern, which can be used to control thousands of devices for remote data theft and equipment destruction. In this paper, we propose a non-Markovian spread dynamics model to understand the effects of botnet propagation, which can characterize the hybrid contagion situation in reality. Based on the Susceptible-Adopted-Recovered model, we introduce nonredundant memory spread mechanism for global propagation, as a tuner to adjust spreading rate difference. For describing the proposed model, we extend a heterogeneous edge-based compartmental theory. Through extensive numerical simulations, we reveal that the growth pattern of the final adoption size versus the information transmission probability is discontinuous and how the final adoption size is affected by hybrid ratio α, global scope control factor ϵ, accumulated received information threshold T, and other parameters on ER network. Furthermore, we give the theory and simulation result on BA network and also compare the two hybrid methods—single infection in one time slice and double infections in one time slice—to evaluate the influence on final adoption size. We found in SIOT hybrid contagion scenario the final adoption size shows the phenomenon of a decline followed by an increase versus different hybrid ratio, and it is both verified in theory and numerical simulation. Through validation by thousands of experiments, our developed theory agrees well with the numerical simulations.

show abstract

Demystifying Ransomware Attacks: Reverse Engineering and Dynamic Malware Analysis of WannaCry for Network and Information Security

Cited by 17 publications

References 11 publications

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware

Dynamics on Hybrid Complex Network: Botnet Modeling and Analysis of Medical IoT

Contact Info

Product

Resources

About