Analysis of Ransomware Attacks in Windows Operating System Using the Approach of Memory Analysis

Muhammad Ichsan Rabani Lidanta
Vera Suryani
Erwid Musthofa Jadied


DOI: https://doi.org/10.29100/jipi.v10i3.6317

Abstract


Ransomware is a growing and evolving problem in digital security. Because its threats are increasingly complex and escalating, the significant losses it causes affect individuals as well as companies and organizations. To address this issue, a memory analysis approach is needed to gain a better understanding of its characteristics and behavior. This research proposes a memory analysis approach as a means to detect and analyze ransomware. The approach involves capturing the memory of a running, infected operating system. It can also assist in detecting and analyzing ransomware samples that may go undetected by traditional security tools. The results show that the memory analysis approach is capable of detecting WannaCry infections through the analysis of running processes and DLL files. However, this method was not successful in detecting other ransomware infections such as Jigsaw and Locky. These results indicate that the specific characteristics of WannaCry make it identifiable through this approach, while other types of ransomware may require different detection techniques.

Keywords


Detection; Memory Analysis; Ransomware; Suspicious Activities



