Ransomware: Evolution, Classification, Attack Phase, Detection and Prevention

Ahmad Sainuri Mubarak, Mutahira Nur Insirat, Muhajira Nurul Lutfiya

Abstract


Ransomware, a modern form of cybercrime, has grown exponentially over the past few years. Ransomware is a type of malware that results from sophisticated efforts to infiltrate modern computer systems. Most of these threats aim, directly or indirectly, to make money from victims by demanding a ransom in exchange for a decryption key. Governments and large corporations are investing heavily to combat cyber threats to their critical infrastructure. Ransomware first appeared in 1980; at that time, payment had to be made by mail. Ransomware is considered to be malware that has spread widely since 1989 and has caused global financial losses for both individuals and large organizations. Losses due to ransomware continue to increase every year, so protecting data from ransomware is essential. Currently, ransomware originators request payment via Bitcoin or other cryptocurrencies. This research provides an overview of ransomware, its evolution, classification, attack phases, detection, and prevention, describes the limitations of the research, and finally provides conclusions.


Keywords


Ransomware; evolution; classification; attack phases; detection; prevention


DOI: https://doi.org/10.31284/p.snestik.2024.5588



Copyright (c) 2024 Ahmad Sainuri Mubarak, Mutahira Nur Insirat, Muhajira Nurul Lutfiya

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.