Abstract

Ransomware is a well-known form of malware that causes severe and often permanent damage to its targets. Timely identification of such attacks is important for mitigating their consequences. According to the Data Breach Investigation Report (DBIR), since 2021, ransomware attacks have grown 17% yearly. It is widely considered a major cybersecurity threat at individual and organizational levels. There are several techniques that organizations can use to manage ransomware, such as backup, network segmentation, HR education, endpoint protection, and advanced threat hunting. It is worth noting that only some techniques are foolproof, and a comprehensive defense strategy often involves combining multiple techniques. Ransomware has been used in the context of the Russia-Ukraine war, primarily by Russian-backed cybercriminal groups. These groups have targeted Ukrainian infrastructure and businesses with ransomware attacks, encrypting their victims’ data and demanding payment to unlock it. These attacks have caused significant disruptions and financial losses for the targeted organizations. This paper aims to study the ransomware technique and summarize the most prominent threat actors involved in the war. We chose one well-known malware family, “HermeticRansom”, performed a thorough analysis of it, and created a YARA rule for its detection.
