Abstract
We are assisting at an evolution in the ecosystem of cryptoware —the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning on how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Barkly, Must-Know Ransomware Statistics 2018, https://blog.barkly.com/ransomware-statistics-2018.
- 2.
For this reason, some does not even consider them be ransomware; they are however cryptoware, and therefore in the scope of this paper’s research.
- 3.
This work focuses on the cryptographic aspects of ransomware. Other malicious operations, e.g., spreading over network, are out of the scope of this paper.
- 4.
Actually, ransomware might try to inject malicious code into other processes. In this case, memory of the encrypting process is dumped.
- 5.
VirtualBox, https://www.virtualbox.org/.
- 6.
Compiled from source available at: https://github.com/BUseclab/paybreak.
- 7.
Downloaded from http://people.rennes.inria.fr/Aurelien.Palisse/DaD.html.
- 8.
This paper analyzes the academic paper version of CryptoDrop [25]. The software available at https://www.cryptodrop.org/ is a proprietary & commercial product, and its source code is not available. It may include undocumented measures other than the ones in the academic paper, therefore, we could not inspect the code nor analyze the actual implementation in this study.
- 9.
ENT: A Pseudorandom Number Sequence Test Program, http://www.fourmilab.ch/random/.
- 10.
For more information, please visit https://wwwen.uni.lu/research/chercheurs_recherche/standards_policies.
- 11.
Available at https://www.acm.org/code-of-ethics.
References
Barkly: 2017 Ransomware Report. Technical report. Barkly (2017)
Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347. ACM, New York (2016)
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
Darwin, I.: Fine Free File Command (2010). http://www.darwinsys.com/file/
Deibert, R., Crete-Nishihata, M.: Blurred boundaries: probing the ethics of cyberspace research. Rev. Policy Res. 28(5), 531–537 (2011)
Directorate-General for Research and Innovation: Ethics for Researchers Facilitating Research Excellence in FP7. Technical report. European Commission, July 2013
Douceur, J.R., Adya, A., Bolosky, W.J., Simon, D., Theimer, M.: Reclaiming space from duplicate files in a serverless distributed file system. In: Proceedings of the 22nd International Conference on Distributed Computing Systems, pp. 617–624. IEEE, Washington, DC (2002)
Eastlake 3rd, D.: Publicly Verifiable Nominations Committee (NomCom) Random Selection. RFC 3797, June 2004. https://tools.ietf.org/pdf/rfc3797.pdf
Fisher, R.A., Yates, F.: Statistical Tables for Biological, Agricultural and Medical Research. Oliver and Boyd, Oxford (1938)
Genç, Z.A., Lenzini, G., Ryan, P.Y.A.: No random, no ransom: a key to stop cryptographic ransomware. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 234–255. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93411-2_11
Herrera-Flanigan, J.R., Ghosh, S.: Criminal regulations. In: Ghosh, S., Turrini, E. (eds.) Cybercrimes: A Multidisciplinary Analysis, pp. 265–308. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-13547-7_16
Hirschberg, B., Kravchik, M., Haenel, A., Solow, H.: Ransomware Key Extractor and Recovery System, April 2016. https://patentscope.wipo.int/search/en/detail.jsf?docId=US215058675
Kaspersky: KSN Report - Ransomware in 2014–2016. Technical report. Kaspersky (2016)
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium, pp. 757–772. USENIX Association, Austin (2016)
Kharraz, A., Kirda, E.: Redemption real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98–119. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_5
Kim, H., Yoo, D., Kang, J.S., Yeom, Y.: Dynamic ransomware protection using deterministic random bit generator. In: 2017 IEEE Conference on Application, Information and Network Security (AINS), pp. 64–68, November 2017
Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599–611. ACM, New York (2017)
Lee, K., Oh, I., Yim, K.: Ransomware-prevention technique using key backup. In: Jung, J.J., Kim, P. (eds.) BDTA 2016. LNICST, vol. 194, pp. 105–114. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58967-1_12
Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press Inc., Boca Raton (1996)
Palisse, A., Durand, A., Le Bouder, H., Le Guernic, C., Lanet, J.-L.: Data aware defense (DaD): towards a generic and practical ransomware countermeasure. In: Lipmaa, H., Mitrokotsa, A., Matulevičius, R. (eds.) NordSec 2017. LNCS, vol. 10674, pp. 192–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70290-2_12
Palisse, A., Le Bouder, H., Lanet, J.-L., Le Guernic, C., Legay, A.: Ransomware and the legacy crypto API. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 11–28. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54876-0_2
Rogaway, P.: The Moral Character of Cryptographic Work. Cryptology ePrint Archive, Report 2015/1162 (2015). https://eprint.iacr.org/2015/1162
Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207–226. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2_15
Roussev, V., Quates, C.: The sdhash tutorial (2013). http://roussev.net/sdhash/tutorial/03-quick.html
Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: CryptoLock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312, June 2016
Stark, P.B.: Pseudo-Random Number Generator using SHA-256. https://www.stat.berkeley.edu/~stark/Java/Html/sha256Rand.htm
Morgan, S.: 2017 Cybercrimes Report. Technical report. Cybersecurity Ventures (2017)
Sullins, J.P.: A case study in malware research ethics education: when teaching bad is good. In: Proceedings of IEEE Security & Privacy, San Jose, CA, USA, 17–18 May 2014. IEEE computer society (2014)
Symantec Corporation: Internet Security Threat Report. Technical report, April 2018
Touchette, F.: The evolution of malware. Netw. Secur. 2016(1), 11–14 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Genç, Z.A., Lenzini, G., Ryan, P.Y.A. (2018). Next Generation Cryptographic Ransomware. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science(), vol 11252. Springer, Cham. https://doi.org/10.1007/978-3-030-03638-6_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-03638-6_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03637-9
Online ISBN: 978-3-030-03638-6
eBook Packages: Computer ScienceComputer Science (R0)