Year 2020, Volume , Issue , Pages 486 - 493 2020-04-01

Characteristic Behavioral Analysis of Malware: A Case study of Cryptowall Ransomware
Characteristic Analysis of Malware: Cryptowall Ransomware Analysis

İlker KARA [1] , Murat AYDOS [2] , Ahmet Selman BOZKIR [3]


CryptoWall ranks first among ransomware in terms of its design, objectives, and damage. Cybercriminals use CryptoWall in a wide range of applications, from cross-country cyberterrorism to demanding ransom from an ordinary Internet user. Despite all the measures taken, an effective protection against CryptoWall has still not been developed. This motivates cybercriminals, and new versions of CryptoWall are released every day, making the problem more difficult to solve. Current research studies discuss the general characteristics and consequences of CryptoWall. How does CryptoWall work? How are CryptoWall detection and technical analysis done? Detailed studies on the answers to these questions will contribute to solving this problem. This study presents a detailed analysis of CryptoWall detection on a real victim's computer, targeted by a CryptoWall attack by cybercriminals. The study is of importance since it addresses how the CryptoWall attack infiltrates the target system, shows the analysis steps of its characteristic actions, and identifies the originating company of the CryptoWall malware.
CryptoWall ranks among the top ransomware in terms of its design, objectives, and the damage it causes. Cybercriminals use CryptoWall in a wide range of applications, from cross-country cyberterrorism to demanding ransom from an ordinary Internet user. Despite all the measures taken, an effective countermeasure against CryptoWall has still not been developed. This whets the appetite of cybercriminals, and CryptoWall is updated and released in new versions every day, becoming a problem that is harder to solve. Existing research studies discuss the general characteristics and consequences of CryptoWall. How does CryptoWall work? How are CryptoWall detection and technical analysis performed? Detailed studies on the answers to these questions will contribute to solving this problem. This study is a detailed examination of the detection and analysis of CryptoWall on the computer of a real victim targeted by cybercriminals with a CryptoWall attack. The study is important because it shows how the CryptoWall attack infiltrated the target system, presents the analysis stages of its characteristic actions, and identifies the producing company of the CryptoWall malware.
Primary Language en
Subjects Engineering
Section Articles
Authors

Orcid: 0000-0003-3700-4825
Author: İlker KARA
Institution: ÇANKIRI KARATEKİN ÜNİVERSİTESİ
Country: Turkey


Orcid: 0000-0002-7570-9204
Author: Murat AYDOS
Institution: HACETTEPE ÜNİVERSİTESİ
Country: Turkey


Orcid: 0000-0003-4305-7800
Author: Ahmet Selman BOZKIR
Institution: HACETTEPE ÜNİVERSİTESİ
Country: Turkey


Dates

Publication Date : April 1, 2020

APA KARA, İ , AYDOS, M , BOZKIR, A . (2020). Characteristic Behavioral Analysis of Malware: A Case study of Cryptowall Ransomware. Avrupa Bilim ve Teknoloji Dergisi , () , 486-493 . DOI: 10.31590/ejosat.araconf63