
Next Generation Cryptographic Ransomware

  • Conference paper
  • Published in: Secure IT Systems (NordSec 2018)

Abstract

We are witnessing an evolution in the ecosystem of cryptoware, the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions, and incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work, in order to start planning how to stop them? We argue that some of them will try to defeat current anti-ransomware; thus, we can speculate on their working principles by studying the weak points in the strategies that seven of the most advanced anti-ransomware tools currently implement. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware we have imagined can be effective.
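The abstract's argument, that a detector's strategy is itself the attack surface, can be illustrated on the simplest indicator a write-monitoring anti-ransomware can use: the randomness of the data being written (the ENT test cited in note 9 measures exactly this). The Python block below is an added example written for this page; it is not code from the paper, it does not reproduce any of the seven tools the paper evaluates, and its threshold, toy cipher and encoding trick are the editor's own assumptions. It shows a hypothetical monitor that flags a write whose Shannon entropy approaches 8 bits/byte, a cryptoware write path that is caught by it, and a variant that writes the same ciphertext through a 64-symbol encoding so that the measured entropy can never exceed 6 bits/byte, while the attacker can still recover the plaintext after payment.

```python
"""Added example (not from the paper): an entropy-threshold write monitor versus
two cryptoware write paths. The threshold, the toy cipher and the encoding
evasion are assumptions made for this illustration."""
import base64
import hashlib
import math
from collections import Counter

# Hypothetical detector setting: raw ciphertext sits near 8 bits/byte,
# ordinary documents well below it.
ENTROPY_THRESHOLD = 7.5

# Constructed sample document, repeated so the buffer has the size of a
# realistic file write.
SAMPLE_PLAINTEXT = b"Quarterly report: revenue up 4%, costs flat. " * 100


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the figure tools such as ENT report."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detector_flags(write_buffer: bytes) -> bool:
    """Hypothetical write monitor: flag a write that looks like raw ciphertext."""
    return shannon_entropy(write_buffer) >= ENTROPY_THRESHOLD


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for AES-CTR so the
    example has no dependencies. Encryption and decryption are the same call.
    Not for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def naive_write(plaintext: bytes, key: bytes) -> bytes:
    """Cryptoware that writes raw ciphertext: what an entropy detector expects."""
    return keystream_xor(plaintext, key)


def evasive_write(plaintext: bytes, key: bytes) -> bytes:
    """Same ciphertext, but pushed through a 64-symbol alphabet before it hits
    the disk: the entropy of the written bytes is bounded by log2(64) = 6."""
    return base64.b64encode(keystream_xor(plaintext, key))


def recover(written: bytes, key: bytes, encoded: bool) -> bytes:
    """What the attacker does after payment: undo the encoding, then decrypt."""
    ciphertext = base64.b64decode(written) if encoded else written
    return keystream_xor(ciphertext, key)


def demo() -> dict:
    key = bytes(range(32))  # fixed so the run is reproducible; malware uses a random key
    naive = naive_write(SAMPLE_PLAINTEXT, key)
    evasive = evasive_write(SAMPLE_PLAINTEXT, key)
    return {
        "plaintext_entropy": round(shannon_entropy(SAMPLE_PLAINTEXT), 2),
        "naive_entropy": round(shannon_entropy(naive), 2),
        "evasive_entropy": round(shannon_entropy(evasive), 2),
        "naive_flagged": detector_flags(naive),
        "evasive_flagged": detector_flags(evasive),
        "evasive_recoverable": recover(evasive, key, True) == SAMPLE_PLAINTEXT,
        "size_overhead": round(len(evasive) / len(naive), 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The encoding costs the attacker a third more disk space per file and nothing else; that asymmetry is what makes a single statistical indicator a weak point rather than a defence, and it is why detectors in the reference list do not rely on it alone but pair it with file-type inspection (cf. [4]), similarity digests (cf. [23, 24]) or key escrow (cf. [17]). A monitor that wants to keep the entropy signal would have to measure it after stripping common encodings, which is one more decision the next ransomware generation gets to study.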


Notes

  1. Barkly, Must-Know Ransomware Statistics 2018, https://blog.barkly.com/ransomware-statistics-2018.

  2. For this reason, some do not even consider them to be ransomware; they are, however, cryptoware, and therefore within the scope of this paper’s research.

  3. This work focuses on the cryptographic aspects of ransomware. Other malicious operations, e.g., spreading over the network, are out of the scope of this paper.

  4. Ransomware might in fact try to inject malicious code into other processes. In this case, it is the memory of the encrypting process that is dumped.

  5. VirtualBox, https://www.virtualbox.org/.

  6. Compiled from the source available at https://github.com/BUseclab/paybreak.

  7. Downloaded from http://people.rennes.inria.fr/Aurelien.Palisse/DaD.html.

  8. This paper analyzes the academic paper version of CryptoDrop [25]. The software available at https://www.cryptodrop.org/ is a proprietary, commercial product whose source code is not available. It may include undocumented measures beyond those in the academic paper; therefore, we could neither inspect the code nor analyze the actual implementation in this study.

  9. ENT: A Pseudorandom Number Sequence Test Program, http://www.fourmilab.ch/random/.

  10. For more information, please visit https://wwwen.uni.lu/research/chercheurs_recherche/standards_policies.

  11. Available at https://www.acm.org/code-of-ethics.

References

  1. Barkly: 2017 Ransomware Report. Technical report, Barkly (2017)

  2. Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347. ACM, New York (2016)

  3. Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4

  4. Darwin, I.: Fine Free File Command (2010). http://www.darwinsys.com/file/

  5. Deibert, R., Crete-Nishihata, M.: Blurred boundaries: probing the ethics of cyberspace research. Rev. Policy Res. 28(5), 531–537 (2011)

  6. Directorate-General for Research and Innovation: Ethics for Researchers: Facilitating Research Excellence in FP7. Technical report, European Commission, July 2013

  7. Douceur, J.R., Adya, A., Bolosky, W.J., Simon, D., Theimer, M.: Reclaiming space from duplicate files in a serverless distributed file system. In: Proceedings of the 22nd International Conference on Distributed Computing Systems, pp. 617–624. IEEE, Washington, DC (2002)

  8. Eastlake 3rd, D.: Publicly Verifiable Nominations Committee (NomCom) Random Selection. RFC 3797, June 2004. https://tools.ietf.org/pdf/rfc3797.pdf

  9. Fisher, R.A., Yates, F.: Statistical Tables for Biological, Agricultural and Medical Research. Oliver and Boyd, Oxford (1938)

  10. Genç, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234–255. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93411-2_11

  11. Herrera-Flanigan, J.R., Ghosh, S.: Criminal regulations. In: Ghosh, S., Turrini, E. (eds.) Cybercrimes: A Multidisciplinary Analysis, pp. 265–308. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-13547-7_16

  12. Hirschberg, B., Kravchik, M., Haenel, A., Solow, H.: Ransomware Key Extractor and Recovery System, April 2016. https://patentscope.wipo.int/search/en/detail.jsf?docId=US215058675

  13. Kaspersky: KSN Report: Ransomware in 2014–2016. Technical report, Kaspersky (2016)

  14. Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium, pp. 757–772. USENIX Association, Austin (2016)

  15. Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98–119. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_5

  16. Kim, H., Yoo, D., Kang, J.S., Yeom, Y.: Dynamic ransomware protection using deterministic random bit generator. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 64–68, November 2017

  17. Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, pp. 599–611. ACM, New York (2017)

  18. Lee, K., Oh, I., Yim, K.: Ransomware-prevention technique using key backup. In: Jung, J.J., Kim, P. (eds.) BDTA 2016. LNICST, vol. 194, pp. 105–114. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58967-1_12

  19. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, 1st edn. CRC Press, Boca Raton (1996)

  20. Palisse, A., Durand, A., Le Bouder, H., Le Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70290-2_12

  21. Palisse, A., Le Bouder, H., Lanet, J.-L., Le Guernic, C., Legay, A.: Ransomware and the legacy crypto API. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 11–28. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54876-0_2

  22. Rogaway, P.: The Moral Character of Cryptographic Work. Cryptology ePrint Archive, Report 2015/1162 (2015). https://eprint.iacr.org/2015/1162

  23. Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207–226. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2_15

  24. Roussev, V., Quates, C.: The sdhash tutorial (2013). http://roussev.net/sdhash/tutorial/03-quick.html

  25. Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: CryptoLock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312, June 2016

  26. Stark, P.B.: Pseudo-Random Number Generator using SHA-256. https://www.stat.berkeley.edu/~stark/Java/Html/sha256Rand.htm

  27. Morgan, S.: 2017 Cybercrimes Report. Technical report, Cybersecurity Ventures (2017)

  28. Sullins, J.P.: A case study in malware research ethics education: when teaching bad is good. In: Proceedings of IEEE Security & Privacy, San Jose, CA, USA, 17–18 May 2014. IEEE Computer Society (2014)

  29. Symantec Corporation: Internet Security Threat Report. Technical report, April 2018

  30. Touchette, F.: The evolution of malware. Netw. Secur. 2016(1), 11–14 (2016)


Author information

Corresponding author: Ziya Alper Genç.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Genç, Z.A., Lenzini, G., Ryan, P.Y.A. (2018). Next Generation Cryptographic Ransomware. In: Gruschka, N. (ed.) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science, vol. 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_24

  • DOI: https://doi.org/10.1007/978-3-030-03638-6_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03637-9

  • Online ISBN: 978-3-030-03638-6
