Analysis of Conti Ransomware Attack on Computer Network with Live Forensic Method

Umar, Rusydi; Riadi, Imam; Kusuma, Ridho Surya

doi:10.14421/ijid.2021.2423

Cited by 11 publications

(11 citation statements)

References 24 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…ix. The Conti [33] ransomware is a highly advanced and complex malware that uses a sophisticated encryption algorithm to encrypt files on a victim's computer system. It can spread through a network, infecting other connected systems.…”

Section: Focused Ransomware Variantsmentioning

confidence: 99%

Securing IoT Devices Running PureOS from Ransomware Attacks: Leveraging Hybrid Machine Learning Techniques

et al. 2023

View full text Add to dashboard Cite

Internet-enabled (IoT) devices are typically small, low-powered devices used for sensing and computing that enable remote monitoring and control of various environments through the Internet. Despite their usefulness in achieving a more connected cyber-physical world, these devices are vulnerable to ransomware attacks due to their limited resources and connectivity. To combat these threats, machine learning (ML) can be leveraged to identify and prevent ransomware attacks on IoT devices before they can cause significant damage. In this research paper, we explore the use of ML techniques to enhance ransomware defense in IoT devices running on the PureOS operating system. We have developed a ransomware detection framework using machine learning, which combines the XGBoost and ElasticNet algorithms in a hybrid approach. The design and implementation of our framework are based on the evaluation of various existing machine learning techniques. Our approach was tested using a dataset of real-world ransomware attacks on IoT devices and achieved high accuracy (90%) and low false-positive rates, demonstrating its effectiveness in detecting and preventing ransomware attacks on IoT devices running PureOS.

show abstract

Section: Focused Ransomware Variantsmentioning

confidence: 99%

Securing IoT Devices Running PureOS from Ransomware Attacks: Leveraging Hybrid Machine Learning Techniques

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Suatu jaringan dapat diketahui sedang diserang atau telah diserang melalui log yang mencatat aktivitas komputer. Log berperan penting sebagai penunjang dalam proses investigasi khususnya forensik jaringan [14].…”

Section: Pendahuluanunclassified

Forensik Serangan Ransomware Ryuk pada Jaringan Cloud

Kusuma

2023

JURNAL MULTIMEDIA NETWORKING INFORMATICS

View full text Add to dashboard Cite

Kemajuan dunia digital dan informasi menjadikan data sebagai asset yang berharga, perlindungan dan keamanan data menjadi sesuatu yang penting dari berbagai ancaman seperti kerusakan, bencana alam, kehilangan, dan cybercrime. Serangan virus Ransomware dalam beberapa tahun belakangan ini menjadi ancaman nyata sehingga saat ini, virus tersebut melakukan enkripsi pada data penting, kemudian meminta tebusan finansial dari korban dengan mengancam akan mempublikasikan, menghapus atau menahan akses. Pada penelitian ini melakukan investigasi forensik jaringan metode live forensic dalam network traffic untuk dapat mengetahui jejak pelaku. Metode ini memerlukan kecermatan dan ketelitian sebab kecepatan lalu lintas data dihitung per millisecond, kemudian memanfaatkan tool wireshark untuk analisis paket data. Tahapan diawali preservation, collection, examination, dan analysis. Berikut hasil investigasi, meliputi waktu penyerangan, Ip Address, Mac Address, Port, Protocol dan alamat url website phising dari komputer yang telah terinfeksi, Berdasarkan data yang diperoleh penelitian ini telah sesuai dengan tujuan yang diharapkan

show abstract

“…To the best of our knowledge, there is only one academic paper about the Conti ransomware. In [21], the authors focus on preliminarily static analysis and primary behavior analysis of the ransomware on a computer network. They use a 2021 sample of the Conti ransomware.…”

Section: B Conti Ransomwarementioning

confidence: 99%

“…The source code also shows API hashing techniques and dynamic API loading. In [21], the network behavior analysis shows how Conti ransomware can spread and encrypt networks file. This study lake some critical information about the Conti ransomware, such as all its libraries, API calls, API hashing algorithm, encryption flow, and encryption algorithm.…”

Section: B Conti Ransomwarementioning

confidence: 99%

An Analysis of Conti Ransomware Leaked Source Codes

2022

View full text Add to dashboard Cite

In recent years, there has been an increase in ransomware attacks worldwide. These attacks aim to lock victims' machines or encrypt their files for ransom. These kinds of ransomware differ in their implementation and techniques, starting from how they spread, vulnerabilities they leverage, methods to hide their behaviors from antivirus software, encryption methods, and performance. The Conti ransomware is sophisticated ransomware that operates as ransomware-as-a-service. It started in 2019 and had an unprecedented human impact by targeting healthcare systems and cost $45 million. This paper analyzes the Conti ransomware source codes leaked on February 27, 2022, by an anonymous individual. We first look at the general code structure. Then, we analyze its flow, starting with its application programming interface disguise techniques, anti hook mechanisms, command-line arguments, and finally, its multithreaded encryption. We also perform a static and dynamic analysis of the latest known Conti sample in an isolated environment and compare its behavior to its source code flows.

show abstract

Analysis of Conti Ransomware Attack on Computer Network with Live Forensic Method

Cited by 11 publications

References 24 publications

Securing IoT Devices Running PureOS from Ransomware Attacks: Leveraging Hybrid Machine Learning Techniques

Securing IoT Devices Running PureOS from Ransomware Attacks: Leveraging Hybrid Machine Learning Techniques

Forensik Serangan Ransomware Ryuk pada Jaringan Cloud

An Analysis of Conti Ransomware Leaked Source Codes

Contact Info

Product

Resources

About