Nirupan: An e-Journal of RBIMS Vol. 1, No. 2 ISSN: 2395-7123


Analysis of Malwares and Crypto-Ransomware

Deepika G. Vaghela (a), Sweta Dargad (b)

(a) Assistant Professor, Computer Science & Engineering Department, ITM Universe, Vadodara.
(b) Assistant Professor, Computer Science & Engineering Department, ITM Universe, Vadodara.

Abstract — Ransomware, a family of malware that takes files on a PC or network storage, encrypts them, and then extorts money to unlock the files, is often called CryptoLocker, CryptoDefense or CryptoWall. Ransomware is one of the most widespread and damaging threats that internet users face today. Among the most popular variants of ransomware, it is estimated that CryptoLocker and CryptoWall have collected millions of dollars from their victims.

Key highlights from the analysis include:

• Ransomware proliferates through new attack vectors, such as malvertising, employing anti-analysis and persistence techniques to ensure system compromise.
• Advanced encryption algorithms, such as RSA and AES, prevent decryption without the key.
• Ransomware has shifted its attention to the enterprise, targeting more than 230 file types (up 200 percent from 70 file types in 2013).

Keywords — Crypto-Ransomware, encryption, decryption, Private key, Cryptography, Keyloggers.

I. INTRODUCTION

This threat is known as crypto-ransomware (ransomware) and includes at least a half-dozen variants, including CryptoLocker and CryptoWall. Ransomware shows little sign of abating: traditional detection-based protection, such as antivirus, has proven ineffective at preventing the attack. In fact, ransomware has grown in sophistication since it first appeared in September 2013, leveraging new attack vectors, adopting advanced encryption algorithms and expanding the number of file types it targets.

Trojan attacks typically strive to stay hidden and capture sensitive information, such as credit card numbers and bank account credentials. Ransomware, by contrast, openly makes its presence known by encrypting files and demanding payment for the keys to unlock them. Victims of the attack may give in to panic or fear, and so feel forced to pay the ransom to end the threat, often without reporting the crime in order to avoid further embarrassment.

There are 11 types of malware, listed below.

1. Adware: The least dangerous and most lucrative Malware. Adware displays ads on your computer.

2. Spyware: Spyware is software that spies on you, tracking your internet activities in order to send advertising (Adware) back to your system.

3. Virus: A virus is a contagious program or code that attaches itself to another piece of software, and then reproduces itself when that software is run. Most often this is spread by sharing software or files between computers.

4. Worm: A program that replicates itself and destroys data and files on the computer. Worms work to "eat" the system operating files and data files until the drive is empty.

5. Trojan: The most dangerous Malware. Trojans are written with the purpose of discovering your financial information, taking over your computer's system resources, and in larger systems creating a "denial-of-service attack". Denial-of-service attack: an attempt to make a machine or network resource unavailable to those attempting to reach it. Example: AOL, Yahoo or your business network becoming unavailable.

6. Rootkit: This one is likened to the burglar hiding in the attic, waiting to take from you while you are not home. It is the hardest of all Malware to detect and therefore to remove; many experts recommend completely wiping your hard drive and reinstalling everything from scratch. It is designed to let other information-gathering Malware in to get the identity information from your computer without you realizing anything is going on.

7. Backdoors: Backdoors are much the same as Trojans or worms, except that they open a "backdoor" onto a computer, providing a network connection for hackers or other Malware to enter, or for viruses or SPAM to be sent.

8. Keyloggers: Records everything you type on your PC in order to glean your log-in names, passwords, and other sensitive information, and sends it on to the source of the keylogging program. Many times keyloggers are used by corporations and parents to acquire computer usage information.

9. Rogue security software: This one deceives or misleads users. It pretends to be a good program to remove Malware infections, but all the while it is the Malware. Often it will turn off the real Anti-Virus software. The next image shows the typical screen for this Malware program, Antivirus 2010.

10. Ransomware: If you see a screen that warns you that you have been locked out of your computer until you pay for your "cybercrimes", your system is severely infected with a form of Malware called Ransomware. It is not a real notification from the FBI but, rather, an infection of the system itself. Even if you pay to unlock the system, the system is unlocked, but you are not free of it locking you out again. The request for money, usually in the hundreds of dollars, is completely fake.

11. Browser Hijacker: When your homepage changes to one that looks like those in the images inserted next, you may have been infected with one form or another of a Browser Hijacker. This dangerous Malware will redirect your normal search activity and give you the results the developers want you to see. Its intention is to make money off your web surfing. Using this homepage and not removing the Malware lets the source developers capture your surfing interests. This is especially dangerous when banking or shopping online. These homepages can look harmless, but in every case they allow other, more infectious

There are two types of ransomware:

1) Encrypting ransomware, which incorporates advanced encryption algorithms. It is designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker [2], Locky, CryptoWall [3] and more.

2) Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.

II. KEY CHARACTERISTICS

Crypto-ransomware is rather different from traditional malware:

• It doesn't steal the victim's information—instead it makes it impossible to access your information.
• It doesn't try to remain stealthy after files are encrypted, because detection won't restore the lost data.
• It's relatively easy to produce—there are a number of well-documented crypto-libraries.

III. TIMELINE AND DATASET

The figure below shows the dataset and how the malware families raised their intensity over time. The dates given are based on various reports, coupled with our own analysis.

Fig 1: Diagram for Dataset and Timeline [11]

CryptoLocker surfaced in the fall of 2013, and remained among the most widespread of the crypto-ransomware families until mid-2014 [2]. CryptoWall surfaced towards the end of 2013 [3], but didn't become prominent until 2014. New strains of CryptoWall have appeared as recently as last month (October 2014). Critroni behaves similarly to CryptoWall—they both require using the TOR browser to make payments, and they both were prominent around the summer of 2014 [5]. Our sample of DirtyDecrypt predates CryptoLocker, appearing in the summer of 2013—a few months before CryptoLocker became prominent [4]. This sample only targets and encrypts eight different file formats, which makes sense given that it is among the earliest iterations of ransomware.

Steps to protect against Ransomware for businesses and consumers:

1. Take regular backups of files, and test them to make sure they're reliable. In case you do get hit, you won't be put in the difficult position of deciding whether to pay.

2. Keep all software up to date. Ransomware often infects by taking advantage of security flaws in outdated software, so keeping software current will go a long way.

3. Use robust security software that employs a layered approach to block known threats as well as brand new threats that haven't yet been seen.

4. Watch out for spam and phishing emails. For example, the post office will never send a document as a .zip file. And so-called legal documents that ask you to "enable content" are traps. Businesses should also use a good email filtering system, disable macro scripts from Office files received via email, and educate employees on current spam and phishing schemes.

Fig 2: Diagram or Structure of Ransomware Deployment [8]

1. Establish the initial access: In this scenario, access to the victim's computer/device is established by the ransomware through the network or with some legitimate tools. This connection is the first step to enter the victim's device.

2. Escalate privileges: requires the attacker to grant himself higher privileges.

3. Identify backup, snapshot & DR systems: Once the ransomware has gained entry to the victim's device, it has to find the location of backups, snapshots and so on, so that it can easily attack the data.

4. Identify mission-critical systems & data

REFERENCES

[6] Valach, Anthony P. "What to Do After a Ransomware Attack." Risk Management 63.5 (2016): 12.
[7] Jakobsson, Markus, and Zulfikar Ramzan. Crimeware: Understanding New Attacks and Defenses. Addison-Wesley Professional, 2008.
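Section II notes that crypto-ransomware does not try to stay hidden once files are encrypted, and Section I describes the outcome as files encrypted and held for payment. A defensive consequence the paper does not spell out is that the encrypted output itself is observable: ciphertext written to disk has near-uniform byte statistics, unlike documents or source text. The Python below is an added example written for this edition, not code from the paper or its authors. It scores sample file writes (constructed inline) with a Shannon-entropy heuristic, skips formats that are high-entropy by design (compressed images, zip containers, which include modern Office files), and raises an alert when several suspicious writes cluster in a short window. The thresholds and the `.locked` suffix in the sample are assumptions, not values from the paper.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.2   # bits/byte (assumed); uniform random bytes approach 8.0, text is ~4-5
MIN_SIZE = 256            # bytes; entropy of very short data is not meaningful
BURST_COUNT = 3           # this many suspicious writes inside BURST_WINDOW raise an alert (assumed)
BURST_WINDOW = 60         # seconds (assumed)

# Formats that are high-entropy by design (compressed), so entropy alone says nothing
# about them. .docx/.xlsx/.pptx are zip containers and match the "PK" signature.
COMPRESSED_MAGIC = {
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/ooxml",
    b"\x1f\x8b": "gzip",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the empirical byte distribution of data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def compressed_format(data: bytes):
    """Name of a known compressed format if data starts with its signature, else None."""
    for magic, name in COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify_write(data: bytes):
    """Return a reason string if the written content looks like ciphertext, else None."""
    if len(data) < MIN_SIZE:
        return None
    if compressed_format(data):
        return None  # legitimately high-entropy; do not flag on entropy alone
    h = shannon_entropy(data)
    if h < ENTROPY_THRESHOLD:
        return None
    return f"high entropy ({h:.2f} bits/byte) with no recognised compressed header"


def scan_events(events):
    """events: iterable of (timestamp_seconds, path, data) file-write records.
    Returns (flagged, alerts): flagged is a list of (ts, path, reason); alerts holds
    (window_start_ts, count) for the first burst of BURST_COUNT flagged writes."""
    flagged = []
    for ts, path, data in events:
        reason = classify_write(data)
        if reason:
            flagged.append((ts, path, reason))
    alerts = []
    times = [ts for ts, _, _ in flagged]
    for start in times:
        count = sum(1 for t in times if start <= t <= start + BURST_WINDOW)
        if count >= BURST_COUNT:
            alerts.append((start, count))
            break
    return flagged, alerts


def _pseudo_ciphertext(n_blocks: int, seed: str) -> bytes:
    """Constructed stand-in for encrypted output: chained SHA-256 digests look uniform."""
    return b"".join(hashlib.sha256(f"{seed}-{i}".encode()).digest() for i in range(n_blocks))


# Constructed sample of file writes: one text document, one PNG (high entropy but
# legitimate), then three writes with a ransom-style suffix and ciphertext-like content.
SAMPLE_EVENTS = [
    (0, "docs/letter.txt", b"Dear customer, your order has shipped. " * 40),
    (5, "photos/holiday.png", b"\x89PNG\r\n\x1a\n" + _pseudo_ciphertext(64, "png")),
    (10, "docs/letter.txt.locked", _pseudo_ciphertext(64, "a")),
    (12, "docs/budget.xlsx.locked", _pseudo_ciphertext(64, "b")),
    (15, "docs/plan.pptx.locked", _pseudo_ciphertext(64, "c")),
]

if __name__ == "__main__":
    flagged, alerts = scan_events(SAMPLE_EVENTS)
    for ts, path, reason in flagged:
        print(f"t={ts:>3}s  {path:28} {reason}")
    for start, count in alerts:
        print(f"ALERT: {count} ciphertext-like writes within {BURST_WINDOW}s starting at t={start}s")
```

Entropy is a weak signal on its own (a single encrypted archive or a large photo is normal); the burst count is what turns it into a ransomware indicator, since an encryptor rewrites many files in quick succession. In a real monitor the events would come from file-system audit logs rather than a list.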
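The four protection steps above, and step 4 in particular (no legitimate "document" arrives as a .zip, and Office files that ask you to "enable content" carry macros), can be expressed as an inbound attachment screening rule. The Python below is an added example for this edition, not code from the paper or its authors. It quarantines archive and macro-enabled attachments by extension, and additionally opens OOXML files as the zip containers they are to catch a `vbaProject.bin` part hidden behind a macro-free `.docx` name. The extension policy, the `Verdict` class and the sample attachments are constructed for illustration.

```python
import io
import zipfile
from dataclasses import dataclass

# Policy derived from step 4: .zip attachments are never a legitimate document delivery,
# and Office formats able to run macros are treated as untrusted (assumed policy).
ARCHIVE_EXTENSIONS = {".zip"}
MACRO_ENABLED_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
LEGACY_OFFICE_EXTENSIONS = {".doc", ".xls", ".ppt"}  # binary formats, may embed VBA
OOXML_EXTENSIONS = {".docx", ".xlsx", ".pptx"} | MACRO_ENABLED_EXTENSIONS


@dataclass
class Verdict:
    filename: str
    action: str      # "allow", "review" or "quarantine"
    reason: str


def _extension(filename: str) -> str:
    dot = filename.rfind(".")
    return filename[dot:].lower() if dot != -1 else ""


def ooxml_has_vba(data: bytes) -> bool:
    """OOXML files are zip containers; a vbaProject.bin part means embedded macros,
    whatever the file happens to be called."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def screen_attachment(filename: str, data: bytes) -> Verdict:
    """Apply the policy to one attachment; extension checks first, then container inspection."""
    ext = _extension(filename)
    if ext in ARCHIVE_EXTENSIONS:
        return Verdict(filename, "quarantine", "archive attachment; documents are not sent as .zip")
    if ext in MACRO_ENABLED_EXTENSIONS:
        return Verdict(filename, "quarantine", "macro-enabled Office format")
    if ext in OOXML_EXTENSIONS and ooxml_has_vba(data):
        return Verdict(filename, "quarantine",
                       "OOXML container carries vbaProject.bin (macros behind a macro-free extension)")
    if ext in LEGACY_OFFICE_EXTENSIONS:
        return Verdict(filename, "review", "legacy binary Office format; VBA not inspectable here")
    return Verdict(filename, "allow", "no policy match")


def screen_message(attachments):
    """Screen every attachment of one message; hold the message if any part is quarantined."""
    verdicts = [screen_attachment(name, data) for name, data in attachments]
    held = any(v.action == "quarantine" for v in verdicts)
    return held, verdicts


# --- constructed sample attachments: plain zip containers, no real macros or malware ---
def make_ooxml(with_vba: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()


SAMPLE_MESSAGE = [
    ("delivery_notice.zip", b"PK\x03\x04 constructed archive bytes"),
    ("invoice.docm", make_ooxml(True)),
    ("contract.docx", make_ooxml(True)),   # macros hidden behind a .docx name
    ("agenda.docx", make_ooxml(False)),
    ("notes.txt", b"plain text body"),
]

if __name__ == "__main__":
    held, verdicts = screen_message(SAMPLE_MESSAGE)
    print("message held:", held)
    for v in verdicts:
        print(f"{v.action:10} {v.filename:22} {v.reason}")
```

The container check is the part worth keeping even if the extension list changes: Word will happily open a renamed `.docm`, so a filter keyed on extensions alone misses exactly the "enable content" lure the paper describes. Legacy binary formats are routed to review rather than parsed here; inspecting them needs an OLE parser.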