Static and Dynamic Analysis of Third Generation Cerber Ransomware

Title: Static and Dynamic Analysis of Third Generation Cerber Ransomware
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Kara, I., Aydos, M.
Conference Name: 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT)
ISBN Number: 978-1-7281-0472-0
Keywords: Big Data, Cerber, composability, Computer crime, criminal justice, cryptography, cyber criminals, cyber terrorism, Deep Learning, economical scumming, Encryption, invasive software, malicious ransomware software, Malware, malware detection, Metrics, official databases, political power, pubcrawl, ransomware, Resiliency, social power, technical analysis, third generation cerber ransomware
Abstract

Cyber criminals have been extensively using malicious Ransomware software for years. Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motives for such attacks are not only limited to economical scumming. Illegal attacks on official databases may also target people with political or social power. Although billions of dollars have been spent for preventing or at least reducing the tremendous amount of losses, these malicious Ransomware attacks have been expanding and growing. Therefore, it is critical to perform technical analysis of such malicious codes and, if possible, determine the source of such attacks. It might be almost impossible to recover the affected files due to the strong encryption imposed on such files; however, the determination of the source of Ransomware attacks has been becoming significantly important for criminal justice. Unfortunately, there are only a few technical analyses of real life attacks in the literature. In this work, a real life Ransomware attack on an official institute is investigated and fully analyzed. The analysis has been performed by both static and dynamic methods. The results show that the source of the Ransomware attack has been shown to be traceable from the server's whois information.

URL: https://ieeexplore.ieee.org/document/8625353
DOI: 10.1109/IBIGDELFT.2018.8625353
Citation Key: kara_static_2018