RANSOMWARE SPREAD PREVENTION SYSTEM USING PYTHON, AUDITD AND LINUX
DOI:
https://doi.org/10.28925/2663-4023.2021.12.108116Keywords:
cybersecurity, ransomware, encryption, decryption, ransomware preventive measures, threat, information security, incident responseAbstract
The data-driven period produces more and more security-related challenges that even experts can hardly deal with. One of the most complex threats is ransomware, which is very taxing and devastating to detect and mainly prevent. The success of correlation lies in the variety of data sources. During the study of the methods of action of ransomware viruses, it was found that the main purpose is to demand ransom for decryption of data that were on the file system and during the penetration of the system, the ransomware virus successfully encrypted. The first global attack of the ransowmare (NotPetya) on the territory of Ukraine was on June 27, 2017. According to the Administration of US President Donald Trump, the attack using the NotPetya virus in June 2017 became the largest hacker attack in history. In a joint statement, the Five Eyes claimed responsibility for the attack on Russian authorities. The governments of Denmark and Ukraine are also blaming Russia for the attack. Many analysts have called these actions not just political in nature, but military aggression. A honeypot trap method was found while researching methods for detecting and counteracting ransomware. It was planned to develop a honeypot system on its own based on the Linux file system. Our research methods showed significant results in identifying ransomware processes using the honeypot concept augmented with symbolic linking to reduce damage made to the file system. The CIA (confidentiality, integrity, availability) metrics have been adhered to. We propose to optimize the malware process termination procedure and introduce an artificial intelligence-human collaboration to enhance ransomware classification and detection.
Downloads
References
Shakhovska, N., Fedushko, S., Melnykova, N., Shvorob, I., & Syerov, Y. (2019). Big Data analysis in development of personalized medical system. Procedia Computer Science, 160, 229-234.
Fedushko, S, Ustyianovych, T, Gregus, M. (2020). Real-Time High-Load Infrastructure Transaction Status Output Prediction Using Operational Intelligence and Big Data Technologies. Electronics; 9(4), 668.
Kwan, C. (2021). Acer reportedly targeted with $50 million ransomware attack. https://www.zdnet.com/
Adler, S. (2020). Incident Of The Week: Garmin Pays $10 Million To Ransomware Hackers Who Rendered Systems Useless. https://www.cshub.com/
Tailor, Jinal P., and Ashish D. Patel. (2017). A comprehensive survey: ransomware attacks prevention, monitoring and damage control. International Journal of Scientific Research 4(VIS), 15, 116-121.
Ross, B. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 9, 5-9.
Dudykevych, V., Prokopyshyn, I., Chekurin, V., Opirskyy, I., Lakh, Y., Kret, T., Ivanchenko, Y., Ivanchenko, I. (2019). A multicriterial analysis of the efficiency of conservative information security systems. Eastern-european journal of enterprise technologies. Information and controlling system, 3(9(99)), 6-13.
Vasylyshyn, S., Opirskyy, I., Susukailo, V. Analysis of the use of software baits as a means of ensuring information security // 2020 IEEE 15th International Scientific and Technical Conference on Computer Sciences and Information Technologies, CSIT 2020 - Proceedings, 2020, 2, pp. 242–245, 9321925
Hu, Z., Khokhlachova, Y., Sydorenko, V., Opirskyy, I. (2017). Method for Optimization of Information Security Systems Behavior under Conditions of Influences. International Journal of Intelligent Systems and Applications (IJISA), 9(12), 46-58.
Kharraz, A., Kirda, E. (2017) Redemption: Real-Time Protection Against Ransomware at End-Hosts. In: Dacier M., Bailey M., Polychronakis M., Antonakakis M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2017. Lecture Notes in Computer Science, 10453. Springer, Cham. https://doi.org/10.1007/978-3-319-66332-6_5
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS) (pp. 303-312). IEEE.
Joshi, Y.S., Mahajan, H., Joshi, S.N. et al. (2021). Signature-less ransomware detection and mitigation. J Comput Virol Hack Tech. https://doi.org/10.1007/s11416-021-00384-0
Poudyal, S., Dasgupta, D. (2020). AI-Powered Ransomware Detection Framework, In IEEE Symposium Series on Computational Intelligence (SSCI), (pp. 1154-1161). https://doi: 10.1109/SSCI47803.2020.9308387.
Hagen, C., Dmitrienko, A., Iffländer, L., Jobst, M., & Kounev, S. (2018). Efficient and effective ransomware detection in databases. In Annu. Comput. Secur. Appl. Conf.(ACSAC).
Moore, C. (2016). Detecting Ransomware with Honeypot Techniques. In Cybersecurity and Cyberforensics Conference (CCC), 77-81. https://doi: 10.1109/CCC.2016.14.
Sethia, V., Jeyasekar, A. (2019). Malware Capturing and Analysis using Dionaea Honeypot. International Carnahan Conference on Security Technology (ICCST), Chennai, India, (pp. 1-4). https://doi: 10.1109/CCST.2019.8888409.
Matin, I. M. M., & Rahardjo, B. (2019). Malware detection using honeypot and machine learning. У 2019 7th international conference on cyber and IT service management (CITSM). IEEE. https://doi.org/10.1109/citsm47753.2019.8965419
tarcisio-marinho (2020). https://github.com/tarcisio-marinho/GonnaCry
Panagiotis Drakatos (2017). JavaRansomware. https://github.com/PanagiotisDrakatos/JavaRansomware
Leon Voerman (leonv024) (2020). RAASNet. https://github.com/leonv024/RAASNet