A Study of Ransomware Attacks on Windows Platform

Ghulam Fatim*, Irfan Mustafa**, Hassan Farooq***
*-*** Department of Computer Science, Bahria University Karachi Campus, Sindh, Pakistan.
Periodicity: December - February 2022
DOI : https://doi.org/10.26634/jcom.9.4.18530

Abstract

Ransomware is a new type of malware that is extremely dangerous and causes serious problems, affecting several organizations and individuals around the world. Ransomware attacks nearly doubled in the first half of 2021, according to statistics. In 2020, there were approximately 304 million ransomware attacks worldwide. The increase was 62% compared to last year and is the second largest increase since 2016. Many researchers are already talking about ransomware and its impact. However, much more research is needed to provide further in-depth analysis and study of ransomware. This paper focuses specifically on the impact of ransomware on Windows platforms. Windows was chosen for the analysis because it is the most widely used and well-known platform. The paper monitors the infection process, how it occurs, and the various methods used by ransomware families to encrypt. In conclusion, this paper suggests that securing Windows is possible if system files and the registry are closely monitored.

Keywords

Ransomware, malware, Crypto-modules, Encrypted attacks, Crypto-currency.

How to Cite this Article?

Fatim, G., Mustafa, I., and Farooq, H. (2022). A Study of Ransomware Attacks on Windows Platform. i-manager’s Journal on Computer Science, 9(4), 21-30. https://doi.org/10.26634/jcom.9.4.18530
