Ransomware has remained one of the main threats facing companies and governments over the last few years. According to predictions, ransomware will cause damage of US$ 20 billion by 2021 [1]. This malware is mainly used for extortion: it encrypts sensitive data and demands a certain amount of money (which may vary from a few hundred to millions of dollars) for the decryption key [2]. As of today, although there are different security mechanisms to protect against this kind of attack [3], attacks still have a very high success rate.
The goal of this thesis is to (i) analyze different open-source ransomware projects (e.g., HiddenTear and RAASNet) to identify their common characteristics and behaviors, (ii) investigate and map technical details of the most common ransomware (e.g., WannaCry, Cryptolocker, and BadRabbit) [4], (iii) provide a clear view of all steps involved in a ransomware infection, and (iv) propose and discuss techniques to protect against this kind of threat.
References
[1] Varonis: 81 Ransomware Statistics, Data, Trends and Facts for 2021; June 2021, Available at https://www.varonis.com/blog/ransomware-statistics-2021/, last visit August 2021.
[2] R. Browne: Hackers behind Colonial Pipeline Attack Reportedly Received $90 million in Bitcoin before Shutting Down; May 2018, Available at https://www.cnbc.com/2021/05/18/colonial-pipeline-hackers-darkside-received-90-million-in-bitcoin.html
[3] H. Oz, A. Aris, A. Levi, A. Uluagac: A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions; PrePrint, February 2021, Available at https://arxiv.org/abs/2102.06249, last visit August 2021.
[4] Crowdstrike: Types of Ransomware; May 2021, Available at https://www.crowdstrike.com/cybersecurity-101/ransomware/types-of-ransomware/, last visit August 2021.
Supervisors: Muriel Figueredo Franco