Trends in Design of Ransomware Viruses

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11359)

Abstract

The ransomware nightmare is taking over the internet, impacting common users, small businesses and large ones. The interest and investment pushed into this market each month tell us a few things about the evolution of both technical and social engineering, along with what to expect from them in the near future. In this paper, we analyze how ransomware programs developed in the last few years and how they were released in certain market segments throughout the deep web via RaaS (Ransomware as a Service), exploits or spam, while learning from their own mistakes to bring profit to the next level. We also highlight a set of mistakes that were made, which allowed for total or partial recovery of the encrypted data. We also consider the ransomware authors' preference for specific encryption types, encryption key exchange mechanisms and some edge cases of encryption, which may prove to be exploitable in the near future.

Author information

Correspondence to Vlad Constantin Craciun, Andrei Mogage or Emil Simion.

A Ransomware Families Set

ACCDFISA, Amnesia, Annabelle, BadRabbit, Bart, Cerber, Crypt0l0cker, GandCrab, Globe, GlobeImposter, Hermes, HiddenTear, LeChiffre, LockCrypt, Magniber, Nemucod, NotPetya, OpenToYou, PCLock, Petya, Rapid, SamSam, Satan, Scarab, SynAck, TeslaCrypt, Troldesh, UIWIX, WannaCry, Xmas, Xorist

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Craciun, V.C., Mogage, A., Simion, E. (2019). Trends in Design of Ransomware Viruses. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_20

  • DOI: https://doi.org/10.1007/978-3-030-12942-2_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer Science (R0)
