Recently, ransomware has been one of the main areas of research and several researchers proposed different ransomware detection methods (such as ). Each of the ransomware families adopt variety of infection methods and payment techniques! Having an anonymous, untraceable payment system and a proved working business model, exploded the digital world with tons of different ransomware families. In 2013, CryptoLocker was probably the first family of ransomware which efficiently leveraged a crypto-currency (Bitcoin in this case) to receive ransom payment and became a role model for future ransomware families. Bitcoin is the main representative of crypto-currency . Crypto-currency is a peer-to-peer electronic currency, where the transactions are secured using cryptographic algorithms . Introduction and wide adoption of cryto-currencies was the game changer. However, lack of an untraceable payment method was the main barrier for attackers to anonymously receive ransom payment. Afterwards, there were reports of occasional ransomware infections such as scareware, GPCode and Reveton, which were trying to extort money from their victims .
It was encrypting the victim’s files and asking for money to decrypt the files . The first ransomware, named AIDS Trojan, was introduced in 1989. Either way, ransomware would request the victims to pay the ransom to (possibly) retrieve their access to encrypted files or locked systems. Ransomware may meet its objective through encrypting victim’s files (crypto-ransomware) or locking the victim machine (locker-ransomware). Ransomware, in general, is a type of malware that removes authorised users’ access to their data and returns it back only after making a payment (so-called ransom) . On May 12, 2017, a ransomware called WannaCry (also known as WannaCrypt) attacked thousands of users worldwide, particularly UK National Health Service (NHS), making a chaos in around 48 hospitals in the UK . The fast growth in both number and types made ransomware an imminent threat to our digital data . We believe that this research study is of high value for the cyber security research community, as it provides the researchers with a means of assessing the vulnerabilities and attack vectors towards the intended victims. To ease the challenge of applying our taxonomy in real world, we also provide the corresponding ransomware defence taxonomy aligned with Courses of Action matrix (an intelligence-driven defence model). CKC is a well-established model in industry that describes stages of cyber intrusion attempts. In this paper we provide, to the best of our knowledge, the first scientific taxonomy of ransomware features, aligned with Lockheed Martin Cyber Kill Chain (CKC) model. Therefore, a ransomware feature taxonomy would advance cyber defenders’ understanding of associated risks of ransomware. Though the existing body of research provides significant discussions about ransomware details and capabilities, the all research body is fragmented. Wide range of features which are available in different families and versions of ransomware further complicates their detection and analysis. Although the ransomware attack strategy seems to be simple, security specialists ranked ransomware as a sophisticated attack vector with many variations and families.
Majority of ransomware families are requesting for a ransom payment to restore a custodian access or decrypt data which were encrypted by the ransomware earlier. In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services.
0 kommentar(er)
