
A Multi-Layer Defense Against Cryptographic Attacks: RANSOMWALL The Use of Machine Learning in Malware Attacks

P Latha, U Soma Naidu

Abstract


Sectors including finance, insurance, banking, real estate, medical, and public administration have been attacked. Scareware, an early form of ransomware, tricks victims into believing their systems are infected with many viruses, spyware, and security issues. The victim buys a fake antivirus product and pays a ransom to remove the infections. Awareness and better security software have greatly reduced the threat from this malware. Locker ransomware such as Reveton locks the user interface to block access to computing resources and demands a ransom using social engineering. Security vendors offer effective tools to restore the blocked user interface for most variants. Cryptographic ransomware targets user data with family-specific extensions. It encrypts files with advanced algorithms, which prevents access to user data. The user receives a ransom note threatening to delete the hostage files permanently if payment is not made. The ransom is demanded in Bitcoin. System files are not encrypted, so that the system remains operational. Receiving the decryption key needed to restore the encrypted files is not guaranteed after payment. Modern cryptographic ransomware uses symmetric (AES, Triple DES) and asymmetric (RSA, ECC) key cryptographic algorithms for encryption. Symmetric keys generated by the victim encrypt user files.




