Analysis of Crypto-Ransomware Using Network Traffic
Published in: | Journal of Information Security and Cybercrimes Research (Online) 2022-06, Vol.5 (1), p.72-79 |
---|---|
Main Authors: | , |
Format: | Article |
Language: | English |
Subjects: | |
Summary: | Ransomware is a form of malware attack that uses encryption to make information inaccessible, with the motive of collecting a specified amount of payment. Many victims of this attack who couldn’t recover their information from backups have been compelled to decide between losing the information or paying the sum requested by the attacker. This research shows some of the various samples of ransomware, the phases of attack, and the chance of recognizing ransomware by the network traffic patterns it generates. Traffic generated from the infected system was considered. Experimental results from the ransomware detection show that certain ransomware is very noisy and generates noticeable traffic patterns. In light of the traffic information gathered from ransomware, possible detection ideas could be investigated. The result of the analysis shows that some ransomware generates traffic that is different from normal network traffic. Also, the infection of the file server system shows that the length and time vary, but after infection the time for the different samples of ransomware to carry out their encryption is constant. |
---|---|
ISSN: | 1658-7782 1658-7790 |
DOI: | 10.26735/JVUJ3498 |