1 |
Ransomware : Ett modernt gisslandrama
Frick, Jan, Sjöström, Andreas, January 2016
Ransomware is a type of malicious code that encrypts certain parts of a computer system with such strong security that only the encryption key can restore access to the files. The key is provided in exchange for payment of a ransom. The number of infected systems has increased sharply in recent years, and this has developed into a large black market with a turnover of millions every year. This work analyses four kinds of ransomware: Cryptowall, TeslaCrypt, CTB-Locker and Locky. What these ransomware families have in common is that they encrypt the file names and the contents of the files with an unbreakable code. By infecting a virtual system, possible measures for recovering files after an infection has occurred are investigated. The analysis shows that the file vssadmin.exe plays a significant role for the four kinds of ransomware. Using this file, the ransomware deletes all previously created restore points, called Volume Snapshot Services, and with them the possibility of restoring files to an earlier state disappears. The experiments show that preventing the ransomware's access to this file makes it possible to restore folders to an earlier state, and thereby also to restore the files, after a ransomware infection.
|
2 |
Detecting ransomware in encrypted network traffic using machine learning
Modi, Jaimin, 29 August 2019
Ransomware is a type of malware that has gained immense popularity in recent times due to its money extortion techniques. It locks out the user from the system files until the ransom amount is paid.
Existing approaches for ransomware detection predominantly focus on system level monitoring, for instance, by tracking the file system characteristics. To date, only a small amount of research has focused on detecting ransomware at the network level, and none of the published proposals have addressed the challenges raised by the fact that an increasing number of ransomware are using encrypted channels for communication with the command and control (C&C) server, mainly, over the HTTPS protocol.
Despite the limited amount of ransomware-specific data available in network traffic, network-level detection represents a valuable extension of system-level detection as this would provide early indication of ransomware activities and allow disrupting such activities before serious damage can take place.
To address the aforementioned gap, we propose, in the current thesis, a new approach for detecting ransomware in encrypted network traffic that leverages network connection and certificate information and machine learning. We observe that network traffic characteristics can be divided into 3 categories – connection based, encryption based, and certificate based. Based on these characteristics, we explore a feature model that effectively separates ransomware traffic from normal traffic. We study three different classifiers – Random Forest, SVM and Logistic Regression. Experimental evaluation on a diversified dataset yields a detection rate of 99.9% and a false positive rate of 0% for random forest, the best performing of the three classifiers. / Graduate
|
3 |
Kriminologické a trestněprávní aspekty fenoménu ransomware / Criminological and legal aspects of the ransomware phenomenon
Johanovský, Tomáš, January 2018
This diploma thesis deals with the current topic of cybercrime and focuses specifically on the phenomenon of ransomware on a scope unprecedented in Czech legal literature. Ransomware is a malicious code that interferes with the operation of a computer system, and later requires ransom for the victim to recover the access to the computer system and the data contained therein. Basic concepts necessary for the definition of ransomware (such as cyberspace, cybercrime, computer system, malicious code, cryptocurrency and darknet) are introduced and explained. The specificities of cybercrime and its development and current range in the Czech Republic are analysed. The main part of the text deals with the analysis of ransomware, starting with its history and leading to the possible future developments of ransomware. Different variants of ransomware are described such as false antivirus, police, locker and encryption ransomware. From a criminological point of view, the text focuses on the unique interaction of the perpetrator and the victim, which takes on surprising forms of customer support, answers to frequently asked questions and instructions for acquiring virtual currencies. Emphasis is placed on prevention efforts that can mitigate the...
|
4 |
Predictors of Ransomware from Binary Analysis
Otis, Aaron M, 01 September 2019
Ransomware, a type of malware that extorts payment from a victim by encrypting her data, is a growing threat that is becoming more sophisticated with each generation. Attackers have shifted from targeting individuals to entire organizations, raising extortions from hundreds of dollars to hundreds of thousands of dollars. In this work, we analyze a variety of ransomware and benign software binaries in order to identify indicators that may be used to detect ransomware. We find that several combinations of strings, cryptographic constants, and a large number of loops are key indicators useful for detecting ransomware.
|
5 |
How to combat the rise of Ransomware
Martell, Angelica, January 2022
In today’s fast-evolving market, cybercriminals and threat actors are also developing. During and after the Covid-19 pandemic, ransomwares have become more frequent, and each year they are getting more advanced and harder to detect. Today, according to sources, there is barely anything stopping ransomware. On the other hand, security products are also improving and progressing with behavioral algorithms, machine learning, and AI. So, the struggle continues… From beginning to end, this thesis will demonstrate many aspects of ransomware. From a brief history, ransomware types and how they function. What the primary entry points are, infection vectors, and main threats. The focus of this study is to help businesses and organizations to protect themselves against ransomware. It will show how to be better equipped and prepared by building a defense strategy that includes the four steps, prevent, detect, defend, and recover. An experiment, market research, and a literature study will be performed. The result will show how some well-known security solutions perform when faced with ransomware.
|
6 |
Trestněprávní a kriminologické aspekty šíření ransomware / Criminological and criminal law aspects of the ransomware spread
Oborák, Daniel, January 2021
The subject of this diploma thesis is the ransomware spread, which is currently one of the most prominent global cybernetic threats. Ransomware is malicious code that, when activated on a computer system, usually blocks access to that system or encrypts the data contained in it, which is then used to blackmail the user. This thesis deals with criminological and criminal aspects of this phenomenon. In its criminological part, this thesis deals with the issue of the etiology of the ransomware spread and its criminogenic factors, while examining, among other things, the applicability of cybercriminological theory named space transition theory to a given phenomenon. It also deals with the victimological aspect of the matter, listing the most fundamental factors influencing victimization, both in the case of widespread non-targeted ransomware attacks and in the case of specifically targeted attacks. It also examines the issue of the high latency of this phenomenon and cybercrime in general and the possibility of prevention, which it considers to be the best way to defend against a ransomware attack. In particular, it deals with the issue of ransomware attacks on hospitals and critical infrastructure, and also raises the issue of the increase in the number of attacks due to the COVID-19 pandemic. The...
|
7 |
Ransomware
Greinsmark, Carl, January 2020
This thesis researches different ransomwares, how we can stop them and how their threat vectors work. It is important to note that solving one ransomware doesn’t solve the next incoming one. In this thesis we investigate six different ransomwares that spread between 2016-2019. We investigate the encryption methods, the different threat vectors, infection spreading and how to prevent them by doing a theoretical and practical study. The results show that after infection by a ransomware, it encrypts the data instantaneously on the system. Fortunately, to keep information safe there are few prevention methods such as anti-virus software and a few prototypes that have been created but are not currently released; one is called PayBreak for Windows 7, and there are tests to find a solution through flash memory.
|
8 |
Trestněprávní a kriminologické aspekty šíření ransomware / Criminological and criminal law aspects of the ransomware spread
Fousek, Jan, January 2019
This diploma thesis examines different aspects of criminology and criminal law with the issue of the malware spread in the form of ransomware. This text is divided into two main parts. First, the theoretical part consists of the chapters about cybercrime, malware and criminological and criminal law aspects of ransomware spread. It uses the substantive law and also procedural law perspective. All chapters are divided into subchapters dealing with the questions of offenders and victims, criminal law qualification of the ransomware phenomena and with related concepts used for the broader understanding of this kind of cybercrime. Second, the analytical part follows. This thesis combines different criminological research methods and tries to verify the main hypothesis regarding the increase in the number of ransomware attacks in the Czech Republic. The hypothesis is as follows: "The number of ransomware attacks registered by the Police of the Czech Republic has been increasing since 2016". This hypothesis cannot be accepted due to missing relevant data from the Police of the Czech Republic and other institutions. It can be said that for the period 2016-2018, there were 3 registered ransomware attacks per 100,000 inhabitants of the Czech...
|
9 |
Ransomware-attacker mot svenska sjukhus : En kvalitativ studie kring informationssäkerhetsarbetet inom svensk sjukvård
Kjellberg Karlsson, Elin, Hellström Ryckert, Astrid, January 2022
Recent years have seen an increase in so-called ransomware attacks targeting healthcare. Healthcare is a sector of society that possesses a socially crucial business and handles sensitive data which makes it particularly vulnerable to these types of attacks. During the covid-19 pandemic, the healthcare sector was under pressure, and this has been seen to be exploited by attackers who carried out ransomware attacks targeting hospitals in the hope of taking advantage of the pressured situation and getting the ransom paid. The effects of such an attack against healthcare can have major consequences and should be considered when designing protection against ransomware attacks at hospitals.
To form an understanding of whether these consequences have been included in the design of the protection work at hospitals in Sweden, this study examines the subject through an interview study with a theoretical basis in the information security-proven theory Protection Motivation Theory (PMT). Overall, the study showed that different consequences are considered to varying degrees when designing the safety work. Consequences for patient safety are the consequences that the study showed are most considered when designing the safety work.
|
10 |
Analýza síťové komunikace Ransomware / Ransomware Traffic Analysis
Šrubař, Michal, January 2017
The focus of this work is crypto-ransomware, a variant of malware: an analysis of this malware’s network communication, and the identification of means by which it may be detected in the network. The thesis describes the methodology and environment in which the malware’s network communications were studied. The first part of the thesis provides a network traffic analysis of this type of malware with a focus on HTTP and DNS communication, including anomalies that can be observed in the network during this malware’s activity. The thesis also includes a discussion of the user behavior of devices infected by this type of malware. The resulting data was used to identify and describe four detection methods that are able to recognize the malware from its network communication using the HTTP protocol. Finally, a description of several signatures that can be used as indicators of a possible infection by this malware is provided.
|