Analyzing WannaCry Ransomware Considering the Weapons and Exploits

As ransomware has increased in popularity, its creators are using our fears to their advantage. The rapid proliferation of ransomware attacks indicates the growing tendency of ransomware-as-a-service (RaaS) and the integration of hacking weapons. This paper presents the analysis of the infamous Wann...

Full description

Saved in:
Bibliographic Details
Main Authors: KAO, Da-Yu, HSIAO, Shou-Ching, TSO, Raylin
Format: Conference Proceeding
Language:English
Subjects:
Communications technology
Computer crime
Encryption
Hacking Weapons
Network Analysis
Ransomware
Reverse Engineering Analysis
Task analysis
WannaCry Exploits
Weapons
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:As ransomware has increased in popularity, its creators are using our fears to their advantage. The rapid proliferation of ransomware attacks indicates the growing tendency of ransomware-as-a-service (RaaS) and the integration of hacking weapons. This paper presents the analysis of the infamous WannaCry ransomware, which is one of the most propagated and damaging malware in 2017. The anatomy of ransomware attacks is discussed to understand the multi-phased execution of WannaCry, including the deployment, installation, destruction, and command-and-control. The chain of WannaCry's execution comprises several hacking weapon components. WannaCry not only embeds the binary in the resource section for multi-phased execution, but also implements a strong encrypting algorithm and a key structure. A reverse engineering analysis of each component, along with the network analysis of WannaCry's exploits offers an insight into the inner design of WannaCry. The observations of this research contribute to recent security systems and future defense strategies.
ISSN:1738-9445
DOI:10.23919/ICACT.2019.8702049