Network activity analysis of CryptoWall ransomware

Cabaj, Krzysztof; Gawkowski, Piotr; Grochowski, Konrad; Osojca, D.

doi:10.15199/48.2015.11.48

Cited by 48 publications

(52 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The results presented in this paper are continuation of the previous works associated with the analysis of the CryptoWall ransomware conducted at the beginning of 2015 [13]. Because of unknown reasons new samples of the CryptoWall were not observed in the January 2016 and later the whole CryptoWall infrastructure was shut down.…”

Section: Locky Case Studysupporting

confidence: 77%

“…Unfortunately, due to the great popularity of this system, these two virtual environments are the most often detected by the malware (in such case it simply stops its hostile activity). To deal with that, during our research we have developed two different environments dedicated for dynamic analysis -Maltester [13] and MESS [12].…”

Section: Overview Of the Analytical Infrastructurementioning

confidence: 99%

See 1 more Smart Citation

The impact of malware evolution on the analysis methods and infrastructure

Cabaj

Gawkowski

Grochowski

et al. 2017

Proceedings of the 2017 Federated Conference on Computer Science and Information Systems

Self Cite

View full text Add to dashboard Cite

Abstract-The huge number of malware introduced each day demands methods and tools for their automated analyses. Complex and distributed infrastructure of malicious software and new sophisticated techniques used to obstruct the analyses are discussed in the paper based on real-life malware evolution observed for a long time. Their impact on both toolsets and methods are presented based on practical development of systems for malware analyses and new features for existing tools.

show abstract

Section: Locky Case Studysupporting

confidence: 77%

Section: Overview Of the Analytical Infrastructurementioning

confidence: 99%

The impact of malware evolution on the analysis methods and infrastructure

Cabaj

Gawkowski

Grochowski

et al. 2017

Proceedings of the 2017 Federated Conference on Computer Science and Information Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…(1) whether to locally generate the asymmetric key pair on the victim after infection, (2) or whether to contact the Command & Control (C2) servers to download the asymmetric key pair [11].…”

Section: Attack Structures and Related Conceptsmentioning

confidence: 99%

Towards Data Resilience: The Analytical Case of Crypto Ransomware Data Recovery Techniques

Zimba¹,

Wang²,

Simukonda³

2018

IJITCS

View full text Add to dashboard Cite

Abstract-Crypto ransomware has earned an infamous reputation in the malware landscape and its sound sends a lot of shivers to many despite being a new entrant. The media has not helped matters even as the myths and inaccuracies surrounding crypto ransomware continue to deepen. It's been purported that once crypto ransomware attacks, the victim is left with no option but to pay in order to retrieve the encrypted data, and that without a guarantee, or risk losing the data forever. Security researchers are inadvertently thrown into a cat-and-mouse chase to catch up with the latest vices of the aforesaid in order to provide data resilience. In this paper, we debunk the myths surrounding loss of data via a crypto ransomware attack. Using a variety of crypto ransomware samples, we employ reverse engineering and dynamic analysis to evaluate the underlying attack structures and data deletion techniques employed by the ransomware. Further, we expose the data deletion techniques used by ransomware to prevent data recovery and suggest how such could be countered. From the results, we further present observed sandbox evasion techniques employed by ransomware against both static and dynamic analysis in an effort to obfuscate its operations and subsequently prevent data recovery. Our analyses have led us to the conclusion that no matter how devastating a crypto ransomware attack might appear, the key to data recovery options lies in the underlying attack structure and the implemented data deletion methodology.

show abstract

“…Analysis of few more CryptoWall samples showed that these lists of proxies contain many infected servers, and these lists are centrally managed by attackers. Detailed description of this network activity and results from its initial analysis can be found in [4].…”

Section: Introductionmentioning

confidence: 99%

“…The ARTA has a dedicated subnet with a set of HoneyPots and a DNS redirecting the whole traffic to these HoneyPots. The malware sample is executed within the dynamic evaluation system Maltester (see [4]). Moreover, the whole system is remotely controlled with dedicated the Web application.…”

Section: Introductionmentioning

confidence: 99%

Developing malware evaluation infrastructure

Cabaj

Gawkowski

Grochowski

et al. 2016

Annals of Computer Science and Information Systems

Self Cite

View full text Add to dashboard Cite

Abstract-Malware evaluation is a key factor in security. It supposed to be safe and accurate. The contemporary malware is very sophisticated. Usually it uses complex distributed infrastructure an investigation of which is a very challenging task. In the paper, the development of the testbeds toward malware and its infrastructure evaluation is presented. Based on the real-life experience with the subsequent CryptoWall generations analysis, the MESS evaluation system is introduced. A rich set of analytical results is discussed. A new methods of visualization for malware artefacts analysis are given.

show abstract

Network activity analysis of CryptoWall ransomware

Cited by 48 publications

References 9 publications

The impact of malware evolution on the analysis methods and infrastructure

The impact of malware evolution on the analysis methods and infrastructure

Towards Data Resilience: The Analytical Case of Crypto Ransomware Data Recovery Techniques

Developing malware evaluation infrastructure

Contact Info

Product

Resources

About