Analýza síťové komunikace Ransomware / Ransomware Traffic Analysis

Šrubař, Michal

January 2017

The focus of this work is crypto-ransomware; a variant of malware, an analysis of this malware’s network communication, and the identification of means by which it may be detected in the network. The thesis describes the methodology and environment in which the malware’s network communications were studied. The first part of the thesis provides a network traffic analysis of this type of malware with a focus on HTTP and DNS communication, including anomalies that can be observed in the network during this malware’s activity. The thesis also includes a discussion of the user behavior of devices infected by this type of malware. The resulting data was used to identify and describe four detection methods that are able to recognize the malware from its network communication using the HTTP protocol. Finally, a description of several signatures that can be used as indicators of a possible infection by this malware are provided.

How to combat the rise of Ransomware

Martell, Angelica

January 2022

In today’s fast-evolving market, cybercriminals and threat actors are also developing. During and after the Covid-19 pandemic, ransomwares have become more frequent, and each year they are getting more advanced and harder to detect.Today, according to sources, there is barely anything stopping ransomware. On the other hand, security products are also improving and progressing with behavioral algorithms, machine learning, and AI. So, the struggle continues…From beginning to end, this thesis will demonstrate many aspects of ransomware. From a brief history, ransomware types and how they function. What the primary entry points are, infection vectors, and main threats.The focus of this study is to help businesses and organizations to protect themselves against ransomware. It will show how to be better equipped and prepared by building a defense strategy that includes the four steps, prevent, detect, defend, and recover.An experiment, market research, and a literature study will be performed. The result will show how some well-known security solutions perform when faced with ransomware.

Ransomware

Crypto-Ransomware

Locker-Ransomware

Defense strategy

Engineering and Technology

Teknik och teknologier

The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures

Connolly, Lena Y., Wall, D.S.

16 June 2020

Yes / Year in and year out the increasing adaptivity of offenders has maintained ransomware's position as a major cybersecurity threat. The cybersecurity industry has responded with a similar degree of adaptiveness, but has focussed more upon technical (science) than ‘non-technical’ (social science) factors. This article explores empirically how organisations and investigators have reacted to the shift in the ransomware landscape from scareware and locker attacks to the almost exclusive use of crypto-ransomware. We outline how, for various reasons, victims and investigators struggle to respond effectively to this form of threat. By drawing upon in-depth interviews with victims and law enforcement officers involved in twenty-six crypto-ransomware attacks between 2014 and 2018 and using an inductive content analysis method, we develop a data-driven taxonomy of crypto-ransomware countermeasures. The findings of the research indicate that responses to crypto-ransomware are made more complex by the nuanced relationship between the technical (malware which encrypts) and the human (social engineering which still instigates most infections) aspects of an attack. As a consequence, there is no simple technological ‘silver bullet’ that will wipe out the crypto-ransomware threat. Rather, a multi-layered approach is needed which consists of socio-technical measures, zealous front-line managers and active support from senior management. / This work was supported by the Engineering and Physical Sciences Research Council and is part of the EMPHASIS (EconoMical, PsycHologicAl and Societal Impact of RanSomware) project [EP/P011721/1].

Crypto-ransomware

Malware

Social engineering

Security countermeasures

Management support

Organisational settings

Cybercrime