Research Article

Characteristic Analysis of Malware: Cryptowall Ransomware Analysis

Year 2020, Volume , Issue , 486 - 493, 01.04.2020
https://doi.org/10.31590/ejosat.araconf63

Abstract

CryptoWall ranks at the top among ransomware in terms of its design, its objectives and the damage it causes. Cybercriminals use CryptoWall across a wide range of applications, from cross-border cyberterrorism to demanding ransom from an ordinary Internet user. Despite all the measures taken, an effective defence against CryptoWall has still not been developed. This whets the appetite of cybercriminals, and every day CryptoWall is updated and released in new versions, making it an ever harder problem to solve. Existing research discusses the general characteristics and consequences of CryptoWall. How does CryptoWall work? How are CryptoWall detection and technical analysis carried out? Detailed studies on the answers to these questions will contribute to solving this problem. This study is a detailed examination of the detection and analysis of CryptoWall on the computer of a real victim targeted by cybercriminals with a CryptoWall attack. The study is important because it covers how the CryptoWall attack infiltrated the target system, shows the stages of analysing its characteristic behaviour, and includes the identification of the producer of the CryptoWall malware.


Characteristic Behavioral Analysis of Malware: A Case study of Cryptowall Ransomware

Year 2020, Volume , Issue , 486 - 493, 01.04.2020
https://doi.org/10.31590/ejosat.araconf63

Abstract

CryptoWall ranks first among ransomware families in terms of its design, objectives, and damage. Cybercriminals use CryptoWall in a wide range of applications, from cross-country cyberterrorism to demanding ransom from an ordinary Internet user. Despite all the measures taken, effective protection against CryptoWall has still not been developed. This motivates cybercriminals, and new, updated versions of CryptoWall are released every day, making it an increasingly difficult problem to solve. Current research discusses the general characteristics and consequences of CryptoWall. How does CryptoWall work? How are CryptoWall detection and technical analysis carried out? Detailed studies answering these questions will contribute to solving this problem. This study presents a detailed analysis of CryptoWall detection on a real victim's computer targeted by a CryptoWall attack by cybercriminals. The study is of importance since it addresses how the CryptoWall attack infiltrates the target system, shows the analysis steps of its characteristic actions, and identifies the originating company of the CryptoWall malware.


Details

Primary Language English
Subjects Engineering
Section Articles
Authors

İlker KARA
ÇANKIRI KARATEKİN ÜNİVERSİTESİ
0000-0003-3700-4825
Türkiye

Murat AYDOS
HACETTEPE ÜNİVERSİTESİ
0000-0002-7570-9204
Türkiye

Ahmet Selman BOZKIR
HACETTEPE ÜNİVERSİTESİ
0000-0003-4305-7800
Türkiye

Publication Date 1 April 2020
Published in Issue Year 2020, Volume , Issue

Cite

APA Kara, İ., Aydos, M. & Bozkır, A. S. (2020). Characteristic Behavioral Analysis of Malware: A Case study of Cryptowall Ransomware. Avrupa Bilim ve Teknoloji Dergisi, Ejosat Özel Sayı 2020 (ARACONF), 486-493. DOI: 10.31590/ejosat.araconf63
MLA Kara, İ., Aydos, M., Bozkır, A. S. "Characteristic Behavioral Analysis of Malware: A Case study of Cryptowall Ransomware". Avrupa Bilim ve Teknoloji Dergisi (2020): 486-493 <https://dergipark.org.tr/tr/pub/ejosat/issue/53473/711170>