
SUPERIOR UNIVERSITY LAHORE

Information Security
PROJECT

Ransomware

Project Team
Student Name Student ID Program
Hamza Rahman BSCM-F16-140 BSCS
Mishal Zareen BSCM-F16-132 BSCS

Project Supervisor:
Mam Faiqa

Introduction
God created the whole universe, and His best creation is mankind. When He
created the first man, He put some of His good characteristics in him and gave him the
greatest weapon, the brain. But where this weapon brings good to mankind, it also brings
harm to him; this is the circle of yin and yang. Since the creation of mankind, the biggest
threat to mankind has been greed: man wants to take everything that others have.
Never in the history of humanity have people all over the world been subjected to extortion
on as huge a scale as they are today. In recent years, the usage of PCs and the Internet has
exploded and, along with this huge increase, cyber crooks have come to feed on this market,
targeting innocent consumers with a wide range of malware. Most of these threats are
aimed directly or indirectly at obtaining money from victims.

Since the 50s, the world has seen the merits and the wonders of the Internet and World
Wide Web (WWW). Users today are being connected to it at an immensely
quick pace. The amount of data has exceeded zettabytes (2^70 bytes) since last
year, and concern for its safety is becoming a major problem. Pernicious content and
corrupt programs have been attacking and infecting various devices around the world,
and the efforts for their prevention and eradication have also gained pace simultaneously.

While each ransomware variant has its own way of spreading, all ransomware
variants rely on similar social engineering tactics to deceive users and hold their data
hostage. Let's look at the different types of ransomware variants:

Technique:
• Crypto Locker
• WannaCry
• Bad Rabbit
• Cerber
• Crysis
• CryptoWall
• GoldenEye
• Jigsaw
• Locky

Ransomware Statistics
Comparison:

| Reference | Method | Technique | Goal | Limitations | Attacks |
|---|---|---|---|---|---|
| [1] | CryptoLocker | Used public and private cryptographic keys to encrypt, and later decrypt | CryptoLocker encrypted about 67 different file types, including all Microsoft Office data files (Cannell, 2016). | Require process execution | Complete encryption of all files |
| [2] | WannaCry | It makes use of EternalBlue and DoublePulsar. | Encrypt all the data; DoublePulsar is so powerful it runs in kernel | Organizations that had not installed Microsoft's security update from April 2017 were affected by the attack. | Loss of Privacy, In previous system large, All files encrypted |
| [3] | Bad Rabbit | Files are encrypted with the following algorithms: 1. AES-128-CBC 2. RSA-2048 | Appears to be an Adobe exe file and encrypts every file | Take backups, block SMB and TCP ports, use private VLANs | Attacks the system by phishing and social engineering. |
| [4] | CryptoWall | CryptoWall ransomware uses RSA2048 encryption to encrypt crucial files. | Encrypting ransomware works by obscuring the contents of user files, through the use of strong encryption algorithms. | Use an alternative browser; use a removable media; start Windows in Safe Mode | Fake updates and spam emails may bring the CryptoWall ransomware to your computer |
| [5] | Locky | AES, CTR—ECB | Locky ransomware locks the system from being logged in by its victim. | However, the system can usually be restored by rebooting or running in safe mode. | Attack can be done if the victim downloads outdated software, spam email or any unauthorized material |

Define the Techniques:

Crypto Locker

The Crypto Locker botnet is one of the oldest forms of cyber attack and has been
around for the past two decades. The Crypto Locker ransomware came into
existence in 2013, when hackers used the original Crypto Locker botnet approach
in ransomware. Crypto Locker ransomware is the most destructive form of
ransomware since it uses strong encryption algorithms. It is often impossible to
decrypt (restore) the Crypto ransomware-infected computer and files without
paying the ransom.

WannaCry

WannaCry is the most widely known ransomware variant across the globe. The
WannaCry ransomware has infected nearly 125,000 organizations in over 150
countries. Some of the alternative names given to the WannaCry ransomware
are WCry or WanaCrypt0r.

Bad Rabbit

Bad Rabbit is another strain of ransomware which has infected organizations
across Russia and Eastern Europe. It usually spreads through a fake Adobe
Flash update on compromised websites.

Cerber

Cerber is another ransomware variant which targets cloud-based Office 365
users. Millions of Office 365 users have fallen prey to an elaborate phishing
campaign carried out by the Cerber ransomware.

Crysis

Crysis is a special type of ransomware which encrypts files on fixed drives,
removable drives, and network drives. It spreads through malicious email
attachments with double-file extension. It uses strong encryption algorithms
making it difficult to decrypt within a fair amount of time.
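
A mail-gateway style check for the double-extension attachment names described above, added here as an example that is not part of the original project. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example; extend them to match local mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "hta"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf", "jpg", "png", "zip"}


def is_double_extension(filename):
    """True when a document-like extension is followed by an executable one."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = [p.strip() for p in filename.lower().rstrip(". ").split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def flag_attachments(raw_message):
    """Parse a raw e-mail and return the attachment names that match."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and is_double_extension(name):
            flagged.append(name)
    return flagged


def build_sample_message():
    """Constructed sample: one benign attachment and two double-extension names."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("report.v2.pdf", "invoice.pdf.exe", "Scan_001.DOCX.SCR"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_attachments(build_sample_message()))
```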

CryptoWall

CryptoWall is an advanced form of CryptoLocker ransomware. It came into
existence in early 2014 after the downfall of the original CryptoLocker variant.
Today, there are multiple variants of CryptoWall in existence. They include
CryptoDefense, CryptoBit, CryptoWall 2.0, and CryptoWall 3.0.

GoldenEye

GoldenEye is similar to the infamous Petya ransomware. It spreads through a
massive social engineering campaign that targets human resources
departments. When a user downloads a GoldenEye-infected file, it silently
launches a macro which encrypts files on the victim's computer.

Jigsaw

Jigsaw is one of the most destructive types of ransomware which encrypts and
progressively deletes the encrypted files until a ransom is paid. It starts deleting
the files one after the other on an hourly basis until the 72-hour mark, when all
the remaining files are deleted.

Locky

Locky is another ransomware variant which is designed to lock the victim's
computer and prevent them from using it until a ransom is paid. It usually spreads
through a seemingly benign email message disguised as an invoice.

When a user opens the email attachment, the invoice gets deleted automatically,
and the victim is directed to enable macros to read the document. When the
victim enables macros, Locky begins encrypting multiple file types using AES
encryption.
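
Because both Locky and GoldenEye, as described above, depend on the victim running an Office macro, attachments can be screened for macro content before delivery. The following is an added example, not part of the original project: it checks OOXML containers for a VBA part, and its function names and in-memory sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls compound-file signature
PLAIN_EXTS = (".docx", ".xlsx", ".pptx")       # extensions that should never hold VBA


def macro_indicators(data):
    """Return the macro-related indicators found in an Office attachment."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats need an OLE stream parser; send them for deeper analysis.
        return ["legacy-ole-container"]
    if not data.startswith(b"PK\x03\x04"):
        return ["not-an-office-container"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["corrupt-zip"]
    findings = []
    with archive:
        names = archive.namelist()
        # Macro-enabled OOXML files keep their VBA code in a vbaProject.bin part.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("vba-project-part")
        if "[Content_Types].xml" in names:
            types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroEnabled" in types:
                findings.append("macro-enabled-content-type")
    return findings


def name_hides_macro(filename, data):
    """True when a file named as macro-free (.docx etc.) still carries a VBA part."""
    return filename.lower().endswith(PLAIN_EXTS) and "vba-project-part" in macro_indicators(data)


def build_sample(with_macro):
    """Constructed minimal OOXML-style container, not a complete Word document."""
    main = ("ms-word.document.macroEnabled" if with_macro
            else "openxmlformats-officedocument.wordprocessingml.document")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Override PartName="/word/document.xml" '
                    'ContentType="application/vnd.%s.main+xml"/></Types>' % main)
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()
```

Legacy binary `.doc` files are only identified here, not parsed, so they should be handed to a tool that can read OLE streams.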

References:

[1] Richardson, Ronny and North, Max M., "Ransomware: Evolution, Mitigation and
Prevention" (2017). Faculty Publications. 4276.
https://digitalcommons.kennesaw.edu/facpubs/4276

[2] Vassilios Vassilakis, Ioannis Moscholios, Michael D. Logothetis, "Static and Dynamic
Analysis of WannaCry Ransomware". IEICE Information and Communication Technology
Forum (ICTF), 2018.
https://www.academia.edu/38692588/Static_and_Dynamic_Analysis_of_WannaCry_Ransomware
Understanding The WannaCry RansomWare
https://www.academia.edu/34061026/Understanding_The_WannaCry_RansomWare
https://www.academia.edu/36195089/WannaCry_Ransomware_Attack

[3] BadRabbit Ransomware
https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/
https://www.dsci.in/sites/default/files/DSCI-BadRabbit_Adv_v1.pdf

[4] CryptoWall
https://www.enigmasoftware.com/cryptowallransomware-removal/
http://red.pe.org.pl/articles/2015/11/48.pdf

[5] SH Kok, Azween Abdullah, NZ Jhanjhi and Mahadevan Supramaniam, "Ransomware,
Threat and Detection Techniques: A Review".
http://paper.ijcsns.org/07_book/201902/20190217.pdf
