Abstract

Ransomware is a well-known form of malware known for causing severe and permanent damage to its targets. Timely identification of such attacks is important to mitigate the consequences of these attacks. According to Data Breach Investigation Report (DBIR), since 2021, ransomware attacks have grown 17% yearly. It is widely considered a major cybersecurity threat at individual and organizational levels. There are several techniques that organizations can use to manage ransomware, such as backup, network segmentation, HR education, endpoint protection, and advanced threat hunting. It’s worth noting that only some techniques are foolproof, and a comprehensive defense strategy often involves combining multiple techniques. Ransomware has been used in the context of the Russia-Ukraine war, primarily by Russian-backed cybercriminal groups. These groups have targeted Ukrainian infrastructure and businesses with ransomware attacks, encrypting their victims’ data and demanding payment to unlock the data. These attacks have caused significant disruptions and financial losses for the targeted organizations. The paper aims to study the ransomware technique and summarize the most prominent threat actors involved in the war. We have chosen one of the well-known malwares,” HermeticRansom”, performed its thorough analysis and created a Yara rule for its detection.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.