Biblio
Filters: Author is Enbody, Richard [Clear All Filters]
.
2020. An Empirical Study of API Calls in Ransomware. 2020 IEEE International Conference on Electro Information Technology (EIT). :443–448.
Modern cryptographic ransomware pose a severe threat to the security of individuals and organizations. Targeted ransomware attacks exhibit refinement in attack vectors owing to the manual reconnaissance performed by the perpetrators for infiltration. The result is an impenetrable lock on multiple hosts within the organization which allows the cybercriminals to demand hefty ransoms. Reliance on prevention strategies is not sufficient and a firm comprehension of implementation details is necessary to develop effective solutions that can thwart ransomware after preventative strategies have failed. Ransomware depend heavily on the abstraction offered by Windows APIs. This paper provides a detailed review of the common API calls in ransomware. We propose four classes of API calls that can be used for profiling and generating effective API call relationships useful in automated detection. Finally, we present counts and visualizations pertaining to API call extraction from real-world ransomware that demonstrate that even advanced variants from different families carry similarities in implementation.
.
2020. An Empirical Study of Key Generation in Cryptographic Ransomware. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
Ransomware acquire the leverage necessary for ransom extraction via encryption of irreplaceable data. Successful encryption requires secure key generation and therefore comprehension of key generation strategies deployed in ransomware is critical for developing effective response and recovery solutions. This paper presents a systematic study of key generation strategies observed in modern ransomware with the goal of facilitating swift identification of cryptographically insecure and operationally nonviable key routines in novel threats. Empirical evidence of the identified strategies is provided in the form of code snippets and disassembly of real-world ransomware. Additionally, the identified strategies are mapped to a timeline based on the actual ransomware samples where these strategies were observed. Finally, a list of 10 questions provides guidance in recognizing the critical intricacies of key generation and deployment in novel ransomware.