SALAM Ransomware Behavior Analysis Challenges and Decryption

Yamany, Bahaa; Azer, Marianne A.

doi:10.1109/icicis52592.2021.9694154

“…Yamany et al [22] the experimental work conducted to investigate the behaviour of the SALAM ransomware was detailed, employing both static and dynamic analysis techniques. The authors utilized reverse engineering to identify intriguing strings, imports, and network activities associated with the ransomware.…”

Section: Chen Et Almentioning

confidence: 99%

“…Early detection and prediction of ransomware attacks against industrial control systems Explored opportunities for early detection and prediction of ransomware attacks on industrial control systems using a combination of network traffic analysis and machine learning techniques. Yamany et al [22] 2021 SALAM Ransomware Behavior Analysis Challenges and Decryption…”

Section: Dynamic Analysismentioning

confidence: 99%

Unveiling the Dynamic Landscape of Malware Sandboxing: A Comprehensive Review

Debas,

Alhumam,

Riad

2024

IJACSA

1

0

View full text Add to dashboard Cite

In contemporary times, the landscape of malware analysis has advanced into an era of sophisticated threat detection. Today's malware sandboxes conduct rudimentary analyses and have evolved to incorporate cutting-edge artificial intelligence and machine learning capabilities. These advancements empower them to discern subtle anomalies and recognize emerging threats with a heightened level of accuracy. Moreover, malware sandboxes have adeptly adapted to counteract evasion tactics, creating a more realistic and challenging environment for malicious entities attempting to detect and evade analysis. This paper delves into the maturation of malware sandbox technology, tracing its progression from basic analysis to the intricate realm of advanced threat hunting. At the core of this evolution is the instrumental role played by malware sandboxes in providing a secure and dynamic environment for the in-depth examination of malicious code, contributing significantly to the ongoing battle against evolving cyber threats. In addressing the ongoing challenges of evasive malware detection, the focus lies on advancing detection mechanisms, leveraging machine learning models, and evolving malware sandboxes to create adaptive environments. Future efforts should prioritize the creation of comprehensive datasets, distinguish between legitimate and malicious evasion techniques, enhance detection of unknown tactics, optimize execution environments, and enable adaptability to zero-day malware through efficient learning mechanisms, thereby fortifying cybersecurity defences against emerging threats.

show abstract

“…Further, there's growing interest in how ransomware interacts with file systems-its frequency and methods of accessing, altering, or erasing files [3], [6]. Attention is also being given to analyzing ransomware's network behaviors, particularly focusing on identifying uncommon outbound traffic that may signify attempts at data exfiltration [14], [32]. Additionally, exploring how ransomware circumvents security measures is gaining traction, with studies aimed at understanding and neutralizing its techniques for evading detection by security solutions [19], [16].…”

Section: A Behavioral Analysis Of Ransomwarementioning

confidence: 99%

Entropy and Memory Forensics in Ransomware Analysis: Utilizing LLaMA-7B for Advanced Pattern Recognition

Zhang,

Li,

Zhu

2023

Preprint

0

View full text Add to dashboard Cite

<p>This study investigated the utilization of memory forensics and the Large Language Model LLaMA-7B for the purpose of detecting and analyzing contemporary ransomware. It articulates a shift from traditional encryption-focused ransomware attacks to more sophisticated strategies, like data exfiltration, underscoring the evolving nature of these cyber threats. The methodology involves an integrated approach, combining memory forensic techniques with the advanced pattern recognition capabilities of LLaMA-7B, to identify and analyze ransomware signatures within system memory. The results demonstrate the efficacy of this combination in accurately distinguishing between ransomware and benign software, with a particular focus on identifying data exfiltration activities. Discussions revolve around the challenges of keeping pace with the evolving ransomware tactics and the ethical considerations in applying AI in cybersecurity. The study concludes by underscoring the importance of continuous innovation in cybersecurity strategies and the potential of AI integration in developing dynamic defense mechanisms against ransomware.</p>

show abstract

“…Within this context, memory forensics has come to the forefront as a formidable instrument in the ongoing struggle against ransomware, providing researchers with the means to examine these threats within their operational environment and extract valuable insights from the behaviors they exhibit while active [6], [12]. Furthermore, the integration of Advanced Language Models, such as LLaMA, into the domain of pattern recognition marks a forward-thinking step in the endeavor to pinpoint and comprehend the multifaceted signatures and behaviors exhibited by ransomware, which may have been obfuscated or otherwise challenging to detect [13], [14].…”

Section: Entropy and Memory Forensics In Ransomwarementioning

confidence: 99%

“…Further, there's growing interest in how ransomware interacts with file systems-its frequency and methods of accessing, altering, or erasing files [3], [6]. Attention is also being given to analyzing ransomware's network behaviors, particularly focusing on identifying uncommon outbound traffic that may signify attempts at data exfiltration [14], [32]. Additionally, exploring how ransomware circumvents security measures is gaining traction, with studies aimed at understanding and neutralizing its techniques for evading detection by security solutions [19], [16].…”

Section: A Behavioral Analysis Of Ransomwarementioning

confidence: 99%

Entropy and Memory Forensics in Ransomware Analysis: Utilizing LLaMA-7B for Advanced Pattern Recognition

Zhang,

Li,

Zhu

2023

Preprint

0

View full text Add to dashboard Cite

<p>This study investigated the utilization of memory forensics and the Large Language Model LLaMA-7B for the purpose of detecting and analyzing contemporary ransomware. It articulates a shift from traditional encryption-focused ransomware attacks to more sophisticated strategies, like data exfiltration, underscoring the evolving nature of these cyber threats. The methodology involves an integrated approach, combining memory forensic techniques with the advanced pattern recognition capabilities of LLaMA-7B, to identify and analyze ransomware signatures within system memory. The results demonstrate the efficacy of this combination in accurately distinguishing between ransomware and benign software, with a particular focus on identifying data exfiltration activities. Discussions revolve around the challenges of keeping pace with the evolving ransomware tactics and the ethical considerations in applying AI in cybersecurity. The study concludes by underscoring the importance of continuous innovation in cybersecurity strategies and the potential of AI integration in developing dynamic defense mechanisms against ransomware.</p>

show abstract

SALAM Ransomware Behavior Analysis Challenges and Decryption

Cited by 9 publications

References 13 publications

Unveiling the Dynamic Landscape of Malware Sandboxing: A Comprehensive Review

Unveiling the Dynamic Landscape of Malware Sandboxing: A Comprehensive Review

Entropy and Memory Forensics in Ransomware Analysis: Utilizing LLaMA-7B for Advanced Pattern Recognition

Entropy and Memory Forensics in Ransomware Analysis: Utilizing LLaMA-7B for Advanced Pattern Recognition

Contact Info

Product

Resources

About