Comparative Analysis of Distinctive Features of the Ransomware Tactics in Relation to Other Malware
Ransomware has become a real threat to the use of technology. Unlike other forms of malware, which may target systems by deleting or editing files and creating a backdoor for the attacker to access the system, ransomware goes a notch higher by targeting humans. It does so by encrypting the data on the infected computer and displaying a note on the screen demanding payment of a ransom. Owing to advances in technology, ransomware uses advanced and secure encryption algorithms that are difficult to decrypt even when computational power is not limited. In this work, we present some of the major behavioral characteristics that we found to be common to ransomware and not to other malware. Our results show that careful analysis of suspicious network and file activity can help detect a ransomware attack. Further, careful analysis of ransomware behavior can help develop a system that detects an impending ransomware attack and thereby eliminates it.
Copyright (c) 2020 International Journal of Computer (IJC)
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.