Conference: International Conference on Computational Intelligence

Behavioural Analysis of Recent Ransomwares and Prediction of Future Attacks by Polymorphic and Metamorphic Ransomware


Abstract

Attackers understand that data, files, networks and all digital resources are a key factor in the regular working and growth of any business. Because these digital resources are so dear to the business, the best and quickest way to earn big money is to hold all these resources to ransom. Thus was born ransomware: malware that normally encrypts all your important files and asks for money to provide you with the decryption key. Some ransomware enters the system through social engineering, while others try to find vulnerabilities, open ports or employ backdoors to get inside. In any case, their main aim is commercial gain. Ransomware is the biggest threat to enterprises and has the potential to bring business to a standstill and cause huge losses to the economy. In this paper, we do an analytical study of the behaviours of recent ransomware that has attacked businesses and individuals alike. We run the samples in a simulated environment and carry out attack-process, file system, persistence and network-level analysis. We also employ tools like Cuckoo for this behaviour analysis. After that, we predict the future types of ransomware that can be created easily using available toolkits like ADMMutate, Clet and Phatbot. We also predict the impact and the threat they can cause, and how difficult it would be to detect them once they employ all the mentioned stealth techniques.