Ransomware | Science of Security Virtual Organization

Ransomware


	Ransomware

“Ransomware” is the name given to malicious software that locks a computer until an extorted fee or ransom is paid for the key to unlock it. This ransom is usually paid in bitcoin. For the Science of Security community, there are implications for resiliency, composability, and metrics. The work cited here, much of it from the popular press, was recently published.

Tianda Yang, Yu Yang, Kai Qian, D. C. T. Lo, Ying Qian, and Lixin Tao, “Automated Detection and Analysis for Android Ransomware,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1338-1343. doi: 10.1109/HPCC-CSS-ICESS.2015.39

Abstract: Along with the rapid growth of new science and technology, the functions of smartphones become more and more powerful. Nevertheless, everything has two aspects. Smartphones bring so much convenience for people and also bring the security risks at the same time. Malicious application has become a big threat to the mobile security. Thus, an efficiency security analysis and detection method is important and necessary. Due to attacking of malicious application, user could not use smartphone normally and personal information could be stolen. What is worse, attacking proliferation will impact the healthy growth of the mobile Internet industry. To limit the growing speed of malicious application, the first thing we need to know what malicious application is and how to deal with. Detecting and analyzing their behaviors helps us deeply understand the attacking principle such that we can take effective countermeasures against malicious application. This article describes the basic Android component and manifest, the reason that Android is prevalent and why attacking came in. This paper analyzed and penetrated malicious ransom ware which threats mobile security now with our developed automated analysis approach for such mobile malware detection.

Keywords: Android (operating system); invasive software; mobile computing; smart phones; Android component; automated Android ransomware analysis; automated Android ransomware detection; malicious application; mobile Internet industry; mobile malware detection; mobile security analysis; personal information; security detection method; smartphones; Androids; Computer crime; Humanoid robots; Malware; Mobile communication; Smart phones; Android application analysis; Automatic analysis; dynamic analysis; static analysis (ID#: 16-10584)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336353&isnumber=7336120

M. M. Ahmadian, H. R. Shahriari and S. M. Ghaffarian, “Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares,” Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on, Rasht, 2015, pp. 79-84. doi: 10.1109/ISCISC.2015.7387902

Abstract: Ransomwares have become a growing threat in recent years, and this situation continues to worsen. It rose awareness on a particular class of malwares which extort a ransom in exchange for a captive asset. Most widespread ransomwares make an intensive use of data encryption. Basically, they encrypt various files on victim's hard drives, removable drives and mapped network shares before asking for a ransom to get the files decrypted. In this paper, at first we propose a comprehensive ransomware taxonomy. Then, based on this taxonomy and according to a principal feature which we discovered in high survivable ransomwares (HSR) in the key exchange protocol step, we present a novel approach for detecting high survivable ransomwares and preventing them from encrypting victim's data. Experimental evaluation demonstrates that our framework can detect variants of recent dangerous ransomwares.

Keywords: cryptographic protocols; invasive software; CM&CB; comprehensive ransomware taxonomy; connection-monitor & connection breaker; data encryption; high survivable ransomwares; key exchange protocol; malwares; ransomware detection; ransomware prevention; Decision support systems; cryptovirology; high survivable ransomwares; malware detection; malware prevention; ransomware (ID#: 16-10585)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387902&isnumber=7387888

“News Briefs,” in Computer, vol. 47, no. 10, pp. 14-20, Oct. 2014. doi: 10.1109/MC.2014.293

Abstract: Topics include an intensification of the digital crime wave that began in late 2013; technology companies supporting an inexpensive wireless technology that could bring Internet access to poor and remote areas; Intel developing a small, energy-efficient chip that could enable ultrathin mobile devices; a new approach that lets huge robot swarms self-assemble into complex shapes; scientists using visible light for car-to-car communications; NATO preparing to approve a mutual cyberattack defense pact; systems that secretly track cell phone owners' movements becoming increasingly popular; NASA developing tumbling robotic cubes for exploring asteroids; ransomware being found on Android phones for the first time; researchers naming the most hackable cars; and a list of US colleges providing computer-science graduates with the greatest earning potential.

Keywords: AB Acquisition; Android phones; Apple; Brian Krebs; Broadwell; Charlie Miller; Chris Valasek; ColdBrother; Community Health Systems; Core M; Defentek; Facebook; Google; Harvard University; Home Depot; IEEE 802.22;Intel;International Mobile Subscriber Identity catchers; JPMorgan Chase; Jennifer Lawrence; Kate Upton; Microsoft; NASA; NATO; North Atlantic Council; North Atlantic Treaty Organization; PayScale; ScareMeNot; ScarePackage; SkyLock; StingRay; SuperValu; VLC; WhiteSpace Alliance; Wi-FAR; asteroids; car-to-car communications; cybercrime; fanless chip; hackable vehicles; iCloud; mobile processor; mutual cyberattack defense pact; privacy; ransomware; robot; security; self assemble; track cell phones; tumbling robotic cubes; visible light communications; wireless (ID#: 16-10586)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6926732&isnumber=6926651

“News Briefs,” in Computer, vol. 47, no. 12, pp. 16-20, Dec. 2014. doi: 10.1109/MC.2014.362

Abstract: Topics include malicious-advertising attacks inflicting ransomware on victims, an application that promises to predict Ebola outbreaks, the US rejecting more software-patent applications than in the past, China reportedly attacking Apple's iCloud, a game company forcing the shutdown of a gamebot maker, new Ethernet versions that are on the way, wearable technology that adheres to the user's skin, a system that lets babies isolated in incubators feel their mothers' heartbeats, a start-up developing smart gun technology for police, and scientists designing robotic penguin chicks to monitor real penguins.

Keywords: 2.5-gigabit Ethernet; 25-gigabit Ethernet; 400-gigabit Ethernet; 50gigabit Ethernet; Apple; Babybe; Biostamp; Blizzard Entertainment; CLS v. Alice; Camilo Andrés Anabalón Alamos; China; Crawlerbots; Cryptowall;Dr. Mohamad-Ali Trad;Ebola; Ethernet; Ethernet Alliance; FlashPack Exploit Kit; Hearthstone: Heroes of Warcraft; IEEE 802.3 Working Group; Kilpatrick Townsend & Stockton; Lex Machina; MC10 Inc.; Proofpoint; Qihoo; Raphael P.M. Lang; US Patent and Trademark Office; US Supreme Court; USPTO; University of Strasbourg; University of Tokyo; VivaLink; Yardarm Technologies; digital tattoo; gamebots; games; iCloud; iOS 8; iPhone 6; malvertising; networking; penguins; ransomware; security; sensor technology; smart gun; software patents; wearable technology (ID#: 16-10587)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6992911&isnumber=6992910

C. U. Om Kumar, S. Kishore, and A. Geetha, “Debugging Using MD5 Process Firewall,” Contemporary Computing and Informatics (IC3I), 2014 International Conference on, Mysore, 2014, pp. 1279-1284. doi: 10.1109/IC3I.2014.7019657

Abstract: An Operating system (OS) is software that manages computer hardware and software resources by providing services to computer programs. One of the important user expectations of the operating system is to provide the practice of defending information from unauthorized access, disclosure, modification, inspection, recording or destruction. Operating system is always vulnerable to the attacks of malwares such as computer virus, worm, Trojan horse, backdoors, ransomware, spyware, adware, scareware and more. And so the anti-virus software were created for ensuring security against the prominent computer viruses by applying a dictionary based approach. The anti-virus programs are not always guaranteed to provide security against the new viruses proliferating every day. To clarify this issue and to secure the computer system, our proposed expert system concentrates on authorizing the processes as wanted and unwanted by the administrator for execution. The Expert system maintains a database which consists of hash code of the processes which are to be allowed. These hash codes are generated using MD5 message-digest algorithm which is a widely used cryptographic hash function. The administrator approves the wanted processes that are to be executed in the client in a Local Area Network by implementing Client-Server architecture and only the processes that match with the processes in the database table will be executed by which many malicious processes are restricted from infecting the operating system. The add-on advantage of this proposed Expert system is that it limits CPU usage and minimizes resource utilization. Thus data and information security is ensured by our system along with increased performance of the operating system.

Keywords: authorisation; client-server systems; cryptography; firewalls; invasive software; local area networks; operating systems (computers); program debugging; software architecture; MD5 message-digest algorithm; MD5 process firewall; client-server architecture; computer programs; cryptographic hash function; debugging; local area network; malwares; operating system; unauthorized access; user expectations; Computers; Databases; Dictionaries; Expert systems; Malware; Operating systems; Adware; CPU Usage and Resource Utilization; MD5; Process Table; Ransomware; Scareware; Spyware; Sticky Software; Trojan horse; Virus; back doors; worm (ID#: 16-10588)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019657&isnumber=7019573

L. Garber, “News Briefs,” in Computer, vol. 46, no. 8, pp. 18-20, August 2013. doi: 10.1109/MC.2013.284

Abstract: Topics include a new Chinese supercomputer that ranks as the world's most powerful, research into using millimeter-wave frequencies to enable 5G wireless communications, security experts finding the first ransomware that affects mobile devices, Google beginning work on a project to provide broad Internet access via a network of high-altitude balloons, an innovative robotic jellyfish that could serve as an underwater spy, and the Oxford English Dictionary breaking with its own tradition and adding the word “tweet.”

Keywords: Educational institutions; Internet; Millimeter wave technology; Mobile communication; Robots; Smart phones; Supercomputers; 5G; Android Defender; China; Cyro; Google; Internet access; National University of Defense Technology; Oxford English Dictionary; Project Loon; Samsung; Tianhe-2;Titan; Virginia Polytechnic Institute and State University; Virginia Tech; balloons; malware; millimeter wave; mobile; ransomware; robotics; security; supercomputer; tweet; wireless (ID#: 16-10589)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6583194&isnumber=6583166

“News Briefs,” in Computer, vol. 47, no. 7, pp. 16-21, July 2014. doi: 10.1109/MC.2014.189

Abstract: Topics include governments disrupting two major cyberattack systems, eBay facing investigations into a huge data breach, practical applications emerging for the Internet of Things, the EU's top court supporting the “right to be forgotten,” police arresting malware suspects in an international cybercrime crackdown, a study showing that facial-recognition algorithms are improving rapidly, MIT using lasers and telescopes to bring high-speed communications to lunar satellite, IBM experimenting with “electronic blood“ to power and cool supercomputers, a researcher developing a new technique for baking robot components to make them self-assemble, and Google replacing Apple as the world's most valuable brand.

Keywords: Computer hacking; Computers; Cryptography; Europe; Google; Moon; Terrestrial atmosphere; Apple; Blackshades; BrandZ Top 100 Most Valuable Global Brands 2014; Bruno Michel; Cassidy Wolf; Cisco Systems; Computer Science and Artificial Intelligence Lab; Connected Car Dashboards; CryptoLocker; Daniela Rus; EU; Erik Demaine; Eurojust; European Court of Justice; European Union; Europol; Evgeniy Mikhailovich Bogachev; Ford Motor Co.; Gameover Zeus; Google; Google Spain; HydroPoint Data Systems; IBM; Internet of Things; IoT; LLCD; Lincoln Laboratory; Lunar Laser Communication Demonstration; MIT; Microsoft; Millward Brown; NASA's Lunar Atmosphere and Dust Environment Explorer; NIST; Operation Tovar; Pirelli; Real-Time Location System; Spanish Data Protection Agency; Splunk; Stanley Healthcare; Trojan; US Federal Bureau of Investigation; US Justice Department; US National Institute of Standards and Technology; WeatherTRAK; botnet; eBay; electronic blood; facial recognition; history of computing; malware; practical applications; privacy; ransomware; robotics; security; self-assembly; supercomputers; the European Cybercrime Center (ID#: 16-10590)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6861917&isnumber=6861869

“Flying Robots Designed to Form Emergency Network,” in Computer, vol. 44, no. 5, pp. 14-16, May 2011. doi: 10.1109/MC.2011.146

Abstract: European academic researchers have developed a constellation of robust, lightweight flying robots using wireless communications that could be employed in mapping, remote sensing, ground searches, and other similar operations. The robots consist of a flying-wing airframe, with neither fuselage nor tail. They are propelled by a single electric motor running on a battery capable of 30 minutes. The aircraft have an 80-centimeter wingspan, weigh about 500 grams, and are built with inexpensive, lightweight yet strong polypropylene foam. Their airspeeds can range between 8 and 20 meters per second (between 18 and 45 miles per hour), and they can fly as high as several kilometers, although a swarm generally stays below 150 meters to avoid conflicts with general aviation.

Keywords: aerospace components; aerospace robotics; polymers; radiocommunication; electric motor; emergency network; flying-wing airframe; ground search operation; mapping operation; polypropylene foam; remote sensing operation; wingspan; wireless communications; SMAVNET; botnets; dual-core processors; flying robots; mobile computing Trojans; mobile malware; organic thin-film transistors (OTFTs); phishing; ransomware; spyware (ID#: 16-10591)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5767722&isnumber=5767713

L. D. Paulson, “News Briefs,” in Computer, vol. 38, no. 7, pp. 24-25, July 2005. doi: 10.1109/MC.2005.238

Abstract: Proponents are about to initiate a project designed to issue standard identification codes for viruses, worms, and Trojan horses. This plan is designed to end the confusion produced by the current practice of security companies each having their own name for a specific type of malware. The US Computer Emergency Readiness Team - which coordinates cyberattack responses as part of the US Department of Homeland Security - has finished testing its Common Malware Enumeration (CME) project and is making it available for adoption by security companies. The MITRE Corp., which conducts R&D programs for the federal government, runs the CME project for US-CERT with the help of antivirus companies. When a malware attack occurs, an industry researcher would submit a code sample and a description to CME officials. A CME panel of security-company representatives would discuss the malware and determine whether it is the same as or different from an existing threat. If different, the board would issue an identifier. MITRE would then publish information about the malware on the CME Web site.

Keywords: invasive software; Common Malware Enumeration project; MITRE Corp.; Trojan horses; US Computer Emergency Readiness Team; US Department of Homeland Security; antivirus company; computer viruses; cyberattack response; identification code; intrusion detection; security company; worms; Global Grid Forum; Globus Alliance; Web security; essay-grading software; grid computing; hackers; microprocessors; predictive model-building; ransomware; robotics; self-replicating robots; software; standards (ID#: 16-10592)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1463100&isnumber=31455

S. Grzonkowski, A. Mosquera, L. Aouad, and D. Morss, “Smartphone Security: An Overview of Emerging Threats,” in IEEE Consumer Electronics Magazine, vol. 3, no. 4, pp. 40-44, Oct. 2014. doi: 10.1109/MCE.2014.2340211

Abstract: The mobile threat landscape has undergone rapid growth as smartphones have increased in popularity. The first generation of mobile threats saw attackers relying on various scams delivered through SMS. As the technology progressed and Web browsers, e-mail clients, and custom applications became standard on smartphones, attackers started exploiting new possibilities beyond traditional e-mail spam and phishing attacks. The landscape continues to evolve with mobile bitcoin miners, botnets, and ransomware.

Keywords: computer crime; invasive software; online front-ends; smart phones; telecommunication security; unsolicited e-mail; SMS; Web browsers; attackers; botnets; custom applications; e-mail clients; e-mail spam; emerging threats; mobile bitcoin miners; mobile threat landscape; phishing attacks; ransomware; scams; smartphone security; Computer security; Malware; Mobile communication; Network security; Privacy; Smart phones; Software development (ID#: 16-10593)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6914660&isnumber=6914657

A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, and G. Vigna, “What the App is That? Deception and Countermeasures in the Android User Interface,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 931-948. doi: 10.1109/SP.2015.62

Abstract: Mobile applications are part of the everyday lives of billions of people, who often trust them with sensitive information. These users identify the currently focused app solely by its visual appearance, since the GUIs of the most popular mobile OSes do not show any trusted indication of the app origin. In this paper, we analyze in detail the many ways in which Android users can be confused into misidentifying an app, thus, for instance, being deceived into giving sensitive information to a malicious app. Our analysis of the Android platform APIs, assisted by an automated state-exploration tool, led us to identify and categorize a variety of attack vectors (some previously known, others novel, such as a non-escapable full screen overlay) that allow a malicious app to surreptitiously replace or mimic the GUI of other apps and mount phishing and click-jacking attacks. Limitations in the system GUI make these attacks significantly harder to notice than on a desktop machine, leaving users completely defenseless against them. To mitigate GUI attacks, we have developed a two-layer defense. To detect malicious apps at the market level, we developed a tool that uses static analysis to identify code that could launch GUI confusion attacks. We show how this tool detects apps that might launch GUI attacks, such as ransom ware programs. Since these attacks are meant to confuse humans, we have also designed and implemented an on-device defense that addresses the underlying issue of the lack of a security indicator in the Android GUI. We add such an indicator to the system navigation bar, this indicator securely informs users about the origin of the app with which they are interacting (e.g., The Pay Pal app is backed by “Pay Pal, Inc.”). We demonstrate the effectiveness of our attacks and the proposed on-device defense with a user study involving 308 human subjects, whose ability to detect the attacks increased significantly when using a system equipped with our defense.

Keywords: Android (operating system); graphical user interfaces; invasive software; program diagnostics; smart phones; Android platform API; Android user interface; GUI confusion attacks; app origin; attack vectors; automated state-exploration tool; click-jacking attacks; desktop machine; malicious app; mobile OS; mobile applications; on-device defense; phishing attacks; ransomware programs; security indicator; sensitive information; static analysis; system navigation bar; trusted indication; two-layer defense; visual appearance; Androids; Graphical user interfaces; Humanoid robots; Navigation; Security; Smart phones; mobile-security; static-analysis; usable-security (ID#: 16-10594)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163069&isnumber=7163005

A. Sanatinia and G. Noubir, “OnionBots: Subverting Privacy Infrastructure for Cyber Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 69-80. doi: 10.1109/DSN.2015.40

Abstract: Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots can achieve a low diameter and a low degree and be robust to partitioning under node deletions. We develop a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.

Keywords: IP networks; computer network management; computer network security; data privacy; fault tolerant computing; telecommunication traffic; Cyber Attacks; IP-based mitigation techniques; OnionBots; SOAP; Tor; botnets; cryptographic mechanisms; destination information; host IP address; illegal activities; information nature; node deletions; privacy infrastructure subversion; resilient-stealthy botnets; self-healing network maintenance scheme; source information; Cryptography; Maintenance engineering; Peer-to-peer computing; Privacy; Relays; Servers; botnet; cyber security; privacy infrastructure; self-healing network (ID#: 16-10595)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266839&isnumber=7266818

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.