RANSOMWARE
Đào Thị Anh Thư K204080420
Đoàn Châu Khôi K234081E
Đào Ánh Ngân K234082E
Huỳnh Nguyên Phát K234082E
Lê Nguyễn Quỳnh Thư K234082E
1. DEFINITION
Ransomware is a type of malware designed to facilitate different nefarious
activities, most commonly preventing access to personal data unless a ransom
is paid (Khammas, 2020; Komatwar, Kokare, 2020; Meland, Bayoumy, Sindre, 2020).
The ransom is typically demanded in a cryptocurrency such as Bitcoin, whose
pseudonymous addresses make it harder to identify the recipient of the
transaction and so help attackers evade law enforcement agencies (Kara, Aydos,
2020; Karapapas, Pittaras, Fotiou, Polyzos, 2020).
2. MECHANISM - HOW DOES IT WORK?
Ransomware can be categorized into three main forms: locker, crypto, and
scareware (Gomez-Hernandez, Alvarez-Gonzalez, Garcia-Teodoro, 2018; Kok,
Abdullah, Jhanjhi, Supramaniam, 2019).
- Scareware uses pop-up ads or fake warnings to convince users that they
are required to download certain software, coercing them into installing
malware. Rather than locking the device or encrypting any data, the
attackers exploit the victim's fear (Andronio et al., 2015). By itself,
scareware does no direct harm to the victim's computer; the damage comes
from whatever the victim is frightened into installing.
- Locker ransomware works by blocking primary computer functions. Rather
than encrypting the user's files, it typically locks the computer screen
and/or keyboard, which is why it can usually be undone once the locking
component is removed. Locker ransomware may still allow limited user
access, for example to the ransom note and the payment instructions.
- Crypto ransomware encrypts the user's sensitive files but does not
interfere with basic computer functions. Unlike locker ransomware, crypto
ransomware is often irreversible: modern ciphers such as AES and RSA cannot
be broken without the key if they are implemented properly (Gomez-Hernandez,
Alvarez-Gonzalez, Garcia-Teodoro, 2018; Nadir, Bakhshi, 2018). Table 1
presents a few popular ransomware families. Crypto ransomware can use one
of three encryption schemes: symmetric, asymmetric, or hybrid (Cicala and
Bertino, 2020). A purely symmetric approach is problematic for the attacker
because the encryption key must be embedded in the ransomware (Dargahi et
al., 2019), so an analyst who reverse engineers the sample can recover the
key and decrypt the files without paying. A purely asymmetric approach
avoids this but public-key encryption is slow and can only process small
messages directly. The hybrid scheme combines the two: each file is
encrypted with a freshly generated symmetric key, and that key is then
encrypted with the attacker's public key, so only the holder of the matching
private key can recover it.
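The symmetric-only and hybrid key schemes described above, as an added example: this is stdlib-only Python written for this report, not code from any cited paper or from a real ransomware family. The SHA-256 counter-mode stream cipher stands in for AES and the unpadded textbook RSA stands in for a real key-wrapping scheme (both are assumptions for illustration; a real implementation would use a vetted library). The sample bytes, the `KEY:` marker and the file contents are constructed. It shows why an embedded symmetric key can be lifted from the sample by static analysis, while the hybrid scheme leaves nothing usable on the victim's machine without the attacker's private key.

```python
import hashlib
import os
import random

# Toy model of the symmetric-only and hybrid key schemes (example code, not from
# any real ransomware family). The stream cipher and textbook RSA are minimal
# stdlib-only stand-ins for AES and padded RSA; they show the structure only.

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (probabilistic, sufficient for a demo)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random prime of exactly `bits` bits (top bit set, odd)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Textbook RSA key pair: returns (public, private) as (n, e), (n, d)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def stream_xor(key, data):
    """Symmetric stand-in for AES: SHA-256 counter-mode keystream XORed into
    the data. Encryption and decryption are the same operation."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], keystream))
    return bytes(out)


# --- Scheme 1: purely symmetric, one key compiled into every copy --------------
EMBEDDED_KEY = bytes.fromhex("13" * 32)
# Constructed stand-in for the sample's bytes. A real binary holds the key in
# .data/.rdata and the analyst locates it by disassembly, not by a marker.
SAMPLE_IMAGE = b"\x55\x8b\xecKEY:" + EMBEDDED_KEY + b"\x5d\xc3"


def symmetric_only_encrypt(plaintext):
    return stream_xor(EMBEDDED_KEY, plaintext)


def analyst_recovers_key(sample_image):
    """Static analysis: the key is a constant in the binary, so it can be lifted."""
    start = sample_image.index(b"KEY:") + 4
    return sample_image[start:start + 32]


# --- Scheme 3: hybrid, per-file key wrapped with the attacker's public key -----
def hybrid_encrypt(public_key, plaintext):
    """Fresh random key per file; only the wrapped key is stored beside the data."""
    n, e = public_key
    file_key = os.urandom(32)            # 256 bits < n, so it fits one RSA block
    wrapped_key = pow(int.from_bytes(file_key, "big"), e, n)
    return wrapped_key, stream_xor(file_key, plaintext)


def hybrid_decrypt(private_key, wrapped_key, ciphertext):
    """Only the private-key holder (the attacker) can unwrap the file key."""
    n, d = private_key
    file_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return stream_xor(file_key, ciphertext)


if __name__ == "__main__":
    doc = b"Q3 payroll spreadsheet (constructed sample file contents)\n" * 8
    recovered = analyst_recovers_key(SAMPLE_IMAGE)        # free decryption
    assert stream_xor(recovered, symmetric_only_encrypt(doc)) == doc
    pub, priv = rsa_keygen(512)
    wrapped, ct = hybrid_encrypt(pub, doc)                 # needs priv to undo
    assert hybrid_decrypt(priv, wrapped, ct) == doc
    print("symmetric-only key lifted from sample:", recovered.hex())
```

The victim's disk ends up holding only the ciphertext and the RSA-wrapped file key; the private exponent never leaves the attacker, which is exactly the property the symmetric-only design lacks.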
3. HOW TO PREVENT IT
3.1. Using malware analysis:
Malware analysis is the standard approach to understanding the components and
behaviour of malware, ransomware included. This analysis is useful both to
detect malware attacks and to prevent similar attacks in the future. Malware
analysis is broadly categorized into static and dynamic analysis. Static
analysis inspects the contents of the binary file without running it
(strings, imported APIs, entropy), whereas dynamic analysis observes the
behaviour and actions of the process while it executes, for example in a
sandbox (Or-Meir, Nissim, Elovici, Rokach, 2019; Sharafaldin, Lashkari, Hakak,
Ghorbani, 2019; Shijo, Salim, 2015).
Malware analysis can discover the unique characteristics of a ransomware
family, which can then be used to design prevention or detection mechanisms.
For example, Zimba and Mulenga (2018) examined the static and behavioural
properties of WannaCry ransomware; they found that WannaCry retrieves the
network adapter properties to determine whether it is residing in a private
or public subnet, and uses that information to spread as widely as possible
across the network.
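Both sides of the static/dynamic distinction above, plus the adapter-enumeration behaviour noted for WannaCry, as an added example written for this report (not code from the cited papers or from any analysis tool): a small Python triage that runs a string and entropy inspection over a constructed sample and a behavioural scoring over a constructed sandbox trace. The indicator lists, the trace format and the thresholds are assumptions chosen for illustration, not a production ruleset.

```python
import math
import re
from collections import Counter

# Added example of static + dynamic triage heuristics for a suspected ransomware
# sample. Indicator lists, thresholds and the sandbox trace format are
# constructed for illustration; they are not any sandbox's real output.

STATIC_INDICATORS = {
    "crypto_api": (b"CryptGenKey", b"CryptEncrypt", b"BCryptEncrypt"),
    "shadow_copy_deletion": (b"vssadmin delete shadows", b"wbadmin delete catalog"),
    "ransom_note": (b"your files have been encrypted", b"bitcoin", b".onion"),
    "network_recon": (b"GetAdaptersInfo", b"GetIpAddrTable"),  # adapter enumeration
}


def shannon_entropy(data):
    """Bits of entropy per byte: ~8.0 for encrypted or packed data, low for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def extract_strings(data, min_len=6):
    """Printable ASCII runs, as the `strings` utility would report them."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def static_triage(sample, packed_threshold=7.2):
    """Static analysis: inspect the file's bytes without executing it."""
    haystack = b"\n".join(extract_strings(sample)).lower()
    hits = {cat: [i.decode() for i in inds if i.lower() in haystack]
            for cat, inds in STATIC_INDICATORS.items()}
    entropy = shannon_entropy(sample)
    return {
        "entropy": round(entropy, 2),
        "likely_packed": entropy > packed_threshold,  # packed samples hide strings
        "hits": {cat: found for cat, found in hits.items() if found},
    }


def dynamic_triage(trace, window=5.0, min_events=10):
    """Dynamic analysis: score a sandbox trace of (time, kind, arg1, arg2) events.
    kinds: ("write", path, payload), ("rename", old, new), ("api", name, "")."""
    rename_times = sorted(t for t, kind, _, _ in trace if kind == "rename")
    new_exts = Counter(new.rsplit(".", 1)[-1]
                       for _, kind, _, new in trace if kind == "rename")
    high_entropy_writes = sum(1 for _, kind, _, payload in trace
                              if kind == "write" and shannon_entropy(payload) > 7.5)
    apis = {arg for _, kind, arg, _ in trace if kind == "api"}
    # Burst: at least `min_events` renames inside any `window`-second span,
    # the behavioural signature of bulk file encryption.
    burst = any(rename_times[i + min_events - 1] - rename_times[i] <= window
                for i in range(len(rename_times) - min_events + 1))
    return {
        "rename_burst": burst,
        "dominant_new_extension": new_exts.most_common(1)[0][0] if new_exts else None,
        "high_entropy_writes": high_entropy_writes,
        "enumerates_adapters": bool(apis & {"GetAdaptersInfo", "GetIpAddrTable"}),
        "verdict": "likely ransomware"
                   if burst and high_entropy_writes >= min_events else "inconclusive",
    }


# Constructed sample bytes and sandbox trace (not a real family's artefacts).
SAMPLE = (b"\x4d\x5a\x90\x00" + b"\x00" * 64 + b"CryptGenKey\x00CryptEncrypt\x00"
          b"GetAdaptersInfo\x00vssadmin delete shadows /all /quiet\x00"
          b"Your files have been encrypted! Pay 0.1 bitcoin\x00" + b"\x00" * 64)

ENCRYPTED_BLOCK = bytes(range(256)) * 16  # entropy exactly 8.0 bits per byte
TRACE = [(0.0, "api", "GetAdaptersInfo", "")]
for k in range(12):
    TRACE.append((0.2 * k, "write", f"C:\\Users\\a\\doc{k}.docx", ENCRYPTED_BLOCK))
    TRACE.append((0.2 * k + 0.1, "rename",
                  f"C:\\Users\\a\\doc{k}.docx", f"C:\\Users\\a\\doc{k}.docx.locked"))

if __name__ == "__main__":
    print(static_triage(SAMPLE))
    print(dynamic_triage(TRACE))
```

The static pass reports which indicator categories appear in the sample and whether its entropy suggests packing (in which case the strings are hidden and the dynamic pass matters more); the dynamic pass flags the rename burst, the high-entropy writes and the adapter enumeration that the WannaCry analysis describes.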
REFERENCES
1. Khammas, B. M. (2020). Ransomware detection using random forest technique. ICT Express,
6(4), 325-331.
2. Kara, I., & Aydos, M. (2020, October). Cyber fraud: Detection and analysis of the crypto-
ransomware. In 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile
Communication Conference (UEMCON) (pp. 0764-0769). IEEE.
3. Gómez-Hernández, J. A., Álvarez-González, L., & García-Teodoro, P. (2018). R-Locker:
Thwarting ransomware action through a honeyfile-based approach. Computers & Security, 73,
389-398.
4. Adamu, U., & Awan, I. (2019, August). Ransomware prediction using supervised learning
algorithms. In 2019 7th International Conference on Future Internet of Things and Cloud
(FiCloud) (pp. 57-63). IEEE.