Ransomware Digital Extortion: A Rising New Age Threat

Abstract

Imagine what would happen if you were stopped from accessing your own files or accessing your own computer system. Now imagine further if to get back the access someone demanded ransom amount from you. Globally increasingly social interactions and financial transactions involve few critical aspects such as digital data, computing device and the internet. This is an area where Ransomware has spread and become a major concern against digital extortion in the form of a new age threat vector to corporates and end users alike. This paper presents the various ways and methods adopted by cyber criminals against Ransomware and present an anti-malware detection system. Background/Objectives: The impact of Ransomware has caused immense damage to end users and corporates alike. Access to authorized data being blocked and being released only after the ransom demand has been mate, is a new age digital extortion has which holds promise as a viable option against the cyber-attacks on user systems, mobiles and handhelds. Methods/Statistical Analysis: The authors reviewed existing Crypto and Locker ransomware, studying their propagation, attack techniques and new emerging threat vectors as file Encryption Ransomware, Screen Lock Ransomware, Windows & Browser Lock, Pop Advertisements and URL Redirection. The authors also designed and tested cloud based malware detection system, performing comparison evaluation with and without the proposed anti-malware solution in form of sandboxes, so even if the environment got compromised, it could be easily decommissioned and rebuilt from a fresh clean virtual snapshots. The system comprised of three virtual environments running services for Malware Behavioral Analysis, Malware Code Analysis and Malware Reporting. Open source and commercial tools were used in each of the three environments. Malware Behavioral environment for analyzing malware for before and after receiving malware payload files and logs from infected user devices. Malware Code Analysis gathered assembly code and memory dumps from memory and performed analysis on malware payload instructions. The Reporting environment analyzed Web URL proactively for malicious sites hosting malware code or payloads and also checked the user system and devices for before and after analysis logs. Findings: When comparing to the standard antivirus scanners that rely on signatures, the proposed malware detection and alerting process has better malware mitigation results and advantages. The Anti-Malware scanning security apart from being a cloud service with the secure scanners operating from cloud platforms display a high level of resilience. Being a Cloud application has the standard cloud feature advantages of being elastic, scalable, pay-as-you-use, user driven cloud model. This model can also help in saving costs by promoting the BYOD concept. Application/Improvements: The Anti-Malware cloud model can be modified to offer specific payload blocking for different customers even as other customers of that very application program are able to access them and even benefit from experience of the infected customers. This model can be scale up dynamically as required.