Proceedings of the International Conference on Electronics and Renewable Systems (ICEARS 2022)
IEEE Xplore Part Number: CFP22AV8-ART; ISBN: 978-1-6654-8425-1
2022 International Conference on Electronics and Renewable Systems (ICEARS) | 978-1-6654-8425-1/22/$31.00 ©2022 IEEE | DOI: 10.1109/ICEARS53579.2022.9751949
Analysis of Ransomware Attack and Their Countermeasures: A Review
Nikhil Sharma
Lovely Professional University, Department Of Computer Science and Engineering, Phagwara, Punjab 144411, India
nikhilji655@gmail.com
Ravi Shanker
Lovely Professional University, Department Of Computer Science and Engineering, Phagwara, Punjab 144411, India
[email protected]
Abstract—Ransomware is a type of malicious software. Computers infected with ransomware have restricted access to the system, and money must be paid to the creator of the malicious code to release it. With the substantial increase in the number of ransomware attacks, on May-12-2017, network security issues began to heat up. This article describes the types of countermeasures against ransomware and cyber terrorism. In recent years, ransomware attacks have been constant and highly infectious: Spora, CryptoLocker, Locky, CryptoWall, Petya, Cerber, Sanam, Aris Locker, Jigsaw, WannaCry, and Reveton. Ransomware protection is no longer 100% guaranteed. However, you can protect against ransomware through automatic updates, antivirus installation, and periodic backups. This needs both system and organizational measures. Learn how to keep ransomware away from your organization and individual users. Most ransomware is transmitted via phishing emails. The fastest way is to measure the steps taken by various agencies to stop this malware and decrypt it. The criminals behind the ransomware not only caused large-scale damage to sensitive infrastructure but also gained billions of dollars from victims around the world, and money is still being collected from innocent people. Nine types of ransomware, small software, and several examples of malware are studied. The outcomes show that reflected programming and innocuous applications can be recognized. This is a way to protect companies and individuals from ransomware.
Keywords— Ransomware, Malware, Security, Phishing, Money, Computer
INTRODUCTION
Ransomware is a kind of malicious software that restricts a PC's functions while it is in use and encrypts files on the PC. Ransomware works in many different ways. A straightforward technique is to lock the desktop of the infected PC and encrypt all of its files [3]. The cross program software displays a message on the locked desktop. When the victim wants to restore or decrypt a file, it asks the victim to provide funds. In effect, the malware holds the computer for ransom. One of the smaller companies involved in the scam conducted a background scan and found 68,000 infected computers in just one month, which meant that victims were defrauded of up to $400,000 (U.S. dollars) [2]. With the development of the network, the scale of network attacks is also expanding. In 2017, KISA released a report on the seven most important cyber-attacks. These include cyber terrorism in social networks, the abuse of a wide range of malware infection methods, the increase in the risk of mobile commerce services, and the entire industry in which zombies infected weapons on Internet devices were hacked [1].
A large-scale ransomware attack occurred on May-12-2017 and has become a serious global problem. On the second day of the broadcast, a ransomware program called WannaCry used the US National Security Agency's hacking tools to infect more than 150,000 PCs around the world, thereby creating a wave of cyber terrorism. This study examines ransomware and how attacks happen: ransomware, public key and symmetric key algorithms, types of ransomware, infection symptoms, and damage.
After that, various forms of infiltration caused by ransomware are defined and the prevention of ransomware is introduced. The last section gives the conclusions of the ransomware research [4].
RANSOMWARE
A. Ransomware
Ransomware is a type of malicious software that infects PC or Windows server systems in order to restrict access, and demands a specific payment, such as cash, to end the infection. Access to the system is restricted, and a fee is charged to remove the restriction. Ransomware developers. Figure 1 shows the process of a ransomware attack. Some encrypting ransomware programs cannot be controlled, and some ransomware programs just lock the screen and display a message. The computer user must pay as the message requests. This malicious code can be installed without the user's authorization. It also occurs on mobile devices and Mac OS [5]. Richardson et al. [6] highlight that humans are the most important factor in malware infection samples, confirming that 59% of infections are from email (phishing, infected attachments) and 24% are from websites. Between 2006 and 2014, the team of analysts analyzed 359 ransomware samples [7] and found that this was an in-depth study of the classification system. "Stop ransomware attacks on user data" [8] describes, with regard to CryptoWall, an early warning system that alerts users to suspicious file activity.
Fig. 1. Process of Ransomware Attack. [Figure labels: Sender, Plain Text, Encrypt (Receiver public key), Cipher Text, Decrypt (Receiver private key), Plain Text, Receiver]
B. Ransomware attack stream
In general terms, ransomware infects your system in three stages. In the first stage, the attacker searches for files that are important to the user. In the second step, the compressed file is encrypted. There are two kinds of encryption: fixed key encryption and dynamic key encryption. The last step is to move the encrypted file to the desktop for users to see. Then, a message is displayed to users who have been infected with the ransomware [9].
C. Ransomware attack method
File encryption methods are mainly used by ransomware. File encryption is usually used to protect files, but ransomware uses it to extort money by infecting people's systems [10]. An encryption algorithm is likewise required. Symmetric key algorithms and public key algorithms (common encryption strategies) are explored here. Figure 2 shows the types of ransomware, i.e. Encryption Ransomware and Locker Ransomware.
Asymmetric encryption: Some families of ransomware use public/private key cryptography to encrypt sensitive data, such as CryptoWall, which uses RSA [11]. In these ransomware families, encryption keys are either generated directly on the vulnerable system, as in WannaCry ransomware, or sometimes sent through command and control channels, as in Locky ransomware, or embedded in binary files, such as those used by TeslaCrypt ransomware [11].
Technology: These techniques first use symmetric key algorithms (for example, AES-256 and CBC) to encrypt the victim's files/system. Afterward, they use asymmetric encryption methods, RSA-1024, RSA-2048, or ECC, to encrypt the symmetric key. These methods have been used by numerous ransomware families, for example, Spora and Cryptolacer [12]. In the hybrid strategy, the attacker embeds the RSA public key in the malicious binary payload so that no connection is needed to retrieve the encryption key. After the ransom is paid, the attacker uses the corresponding RSA private key to decrypt the victim's files/system.
D. Types of Ransomware and Infection Symptoms
There are essentially two kinds of ransomware: encryption ransomware and locker ransomware. With encryption ransomware, all files on the computer/system are encrypted, and users can no longer access these files. It changes the file extension. With locker ransomware, on the other hand, the system/computer itself is locked up and access to your system is lost immediately.
Fig. 2. Types of Ransomware. [Figure labels: Types of Ransomware: Encryption Ransomware, Locker Ransomware]
Table 1 summarizes the characteristics of various kinds of ransomware. The following are characteristics of nine different types of ransomware:
Table 1. Features by Ransomware

NO. | PARTITION      | PROTOCOL  | ENCRYPTION  | MAIN TARGET         | RANSOM
1   | CTB LOCKER     | HTTPS/TOR | AES,ECDH    | DOC/IMAGE           | 0.5 USD
2   | TESLA CRYPT    | HTTPS/TOR | AES,ECC     | GAME/DOC/IMAGE      | 500-1000 USD
3   | TORRENT LOCKER | HTTPS     | AES         | DOC/IMAGE           | 0.8 BTC
4   | CRYPTOWALL     | HTTP/TOR  | RSA         | DOC/IMAGE           | 500-100 USD
5   | CRYPTO LOCKER  | HTTP      | AES,RSA     | DOC/IMAGE           | 1500 USD
6   | NSB LOCKER     | TCP       | POLYMORPHIC | DOC/EXE/IMAGE/MEDIA | 250 USD
7   | WANNACRY       | HTTP/TOR  | RSA,AES     | OPERATING SYSTEM    | 300-600 USD
8   | REVETON        | MONEYPAK  | RSA,DES     | PASSWORD STEALING   | 200 USD
9   | SPORA          | HTTP/TOR  | RSA,AES     | WORD/DOC            | 90-121 USD

Fedor Sinitsyn discovered CTBLocker (curved Bitcoin locker) in the midsummer of 2014. It is also called Critroni. CTB Locker reaches and damages your computer through spam emails with infected zip files as attachments. It uses stronger encryption techniques: CTB Locker uses the AES method and the ECDH encryption method. The victim receives a message from the criminal: if you want your data, you must pay the criminals in Bitcoin. The culprit behind CTB Locker requires payment of two to three bitcoins, which is roughly equivalent to $489-734.
The Reveton ransomware worm has been changing since its release in Europe in 2012. The Reveton worm first infects the system or computer, locks the computer, and displays a message that appears to have been sent by a law enforcement agency in order to extort money. Reveton demands $200 to remove the infection from the computer. It uses RSA and DES encryption methods.
NsbLocker was first reported on July-20-2018. Its purpose is to attack all images, documents, executable files, compressed files, and multimedia files on the system. Once backed up in an encrypted format, it will become an executable file. It does not use RSA or AES encryption, and in terms of its decryption key it is the weakest type of ransomware [13].
Cryptolocker is a ransomware infection of websites found in 2014. The server's index page is replaced with a page made by the ransomware developer, which shuts the site down. Decryption likewise requires the site administrator to pay a fee, and the decryption key is distributed at the time of payment [14]. The attackers demanded $1,500 to avoid infecting the site.
CryptoWall is the first ransomware discovered in 2014. CryptoWall mainly infects computer systems through spam. The latest version of CryptoMonkey 4.0 uses the RSA-2048 key to encrypt all file names and extensions of documents, pictures, multimedia, and so on existing on the user's PC through the AES CBC 256-bit algorithm.
TorrentLocker was first discovered in February 2014. It is an encrypted broadcasting software. It uses symmetric AES encryption to encrypt the affected files and asymmetric RSA encryption to encrypt the AES key. It is like Cryptolocker and CryptoWall. What distinguishes it is that it writes the encoded record into the registry under "HKCU\Software\BitTorrent Application\Configuration".
TeslaCrypt was found in February 2015. It is like the Crystallocker design; however, it can also encrypt game files, like saved games, individual data, saved logs, and guides. It uses a Flash Player vulnerability [15] to install malicious code on the user's computer. It uses AES and ECC for encryption. On a system that TeslaCrypt infects, the user must then pay a ransom of $500 for the decryption key. If payment is delayed, the ransom is doubled.
Spora is also a type of ransomware, which was first discovered on January-10-2017. The malware uses an innovative combination of AES and RSA encryption keys to encrypt user data on the infected computer. However, in August, the researchers warned that the mirroring software would return.
WannaCry is ransomware, a type of malware used by cybercriminals to make money. The WannaCry outbreak was a global epidemic that emerged in May 2017. It holds the system hostage: to restore or regain the system you need to pay in Bitcoin, and your data is returned to you only under the following circumstance: paying the ransom. Because Microsoft issued an emergency bulletin and found a kill switch that kept infected PCs from spreading WannaCry further, the attack halted within a few days of its discovery [16].
E. Source code of Aris Locker Ransomware
This is an overview of the ransomware code once it is executed.
First, a fake login screen is shown for entering your password, through a function called login_screen.

    def login_screen():
        print(BANNER)
        passw = input("~ \u001b[91;1mPlease Enter Your Password: \033[00m")
        the_program_to_hide = win32gui.GetForegroundWindow()
        win32gui.ShowWindow(the_program_to_hide, win32con.SW_HIDE)

It does not matter whether you enter the password or not; the function runs anyway.
Next it scans the path "C:\Users\", then all subdirectories, and collects all the files of the specific file types given in _FILE_TYPES.

    _FILE_TYPES = ['.exe', '.txt', '.php', '.7z', '.rar', '.wma', '.pl', 'm4a']

Now a queue is created for pushing files, with functions that put the queue in a thread.

    import queue
    import threading

    class Worker():
        def __init__():
            {//code}
        def run():
            {//code}
            while True:
                try:
                    {//code}
                    return

Now all files are encrypted with AES.MODE_ECB encryption, through a function called encrypt_file.

    class Locker():
        """
        File Encryption
        """
        def __init__():
            {//code}

Once files are encrypted, they are saved in their original location with a new file extension, i.e. (filename).(ransomware name), for example (file).aris.

        def encrypt_file():
        {
            try:
                {//code}

After all the files are encrypted, the last step is to call the alert() function, which generates the readme.txt file on the desktop of the system infected by the ransomware.
This process is the same for most ransomware, and many people suffer heavy damages because of it.

F. Pseudocode of Ransomware and Extensions
Simple pseudo-code of computer instruction for Ransomware:

    If (computer is on, THEN {infect the system;} )
    ELSE {look for another computer that is on;}
    If (computer is not found in 10mins, THEN {shutdown;} )
    }

Encrypt files on the system, searching for the following file extensions, which are below:
.docx, .ppam, .sti, .vcd, .3gp, .sch, .myd, .wb2, .docb, .potx, .sldx, .jpeg, .mp4, .dch, .frm, .slk, .docm, .potm, .sldm, .jpg, .mov, .dip, .brd, .odb, .dif, .dot, .pst, .sldm, .bmp, .avi, .pl, .dbf, .stc, .dotm, .ost, .vdi, .png, .asf, .vb, .db, .sxc, .dotx, .msg, .vmdk, .gif, .mpeg, .vbs, .myi, .mdb, .ots, .xls, .eml, .vmx, .raw, .vob, .ps1, .accdb, .ods, .xlsm, .vsd, .aes, .tif, .wmv, .cmd, .sqlitedb, .max, .xlsb, .vsdx, .ARC, .tiff, .odp, .fla, .js, .sqlite3, .3ds, .xlw, .txt, .PAQ, .nef, .swf, .asm, .asc, .uot, .xlt, .csv, .bz2, .psd, .wav, .h, .lay6, .stw, .xlm, .rtf, .tbk, .ai, .der, .mp3, .pas, .lay, .sxw, .xlc, .123, .bak, .svg, .sh, .cpp, .mml, .ott, .xltx, .wks, .tar, .djvu, .class, .c, .sxm, .odt, .xltm, .wk1, .tgz, .m4u, .ppsx, .jar, .cs, .otg, .pem, .ppt, .pdf, .gz, .m3u, .java, .suo, .odg, .p12, .pptx, .dwg, .7z, .mid, .rb, .sln, .uop, .csr, .pptm, .onetoc2, .rar, .wma, .sxi, .asp, .ldf, .std, .crt, .pot, .snt, .zip, .flv, .php, .mdf, .sxd, .key, .pps, .hwp, .backup, .3g2, .jsp, .ibd, .otp, .pfx, .ppsm, .602, .iso, .mkv.
These are all the formats that are affected by ransomware.
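Seen from the defender's side, the behaviour outlined in sections E and F (one process renaming many user files to a single new extension such as .aris) stands out in file-event telemetry. The following is an added example, not code from the paper or from Aris Locker; the log line format, the decoy (canary) file path and the thresholds are assumptions chosen for illustration.

```javascript
// Added example: detection rules over constructed file-event log lines.
// The log format, decoy path and thresholds are assumptions, not from the paper.
const WINDOW_MS = 10000; // look-back window for counting renames
const BURST_MIN = 4;     // renames to one new extension, by one process, in the window
const CANARY_PATHS = new Set([
  String.raw`C:\Users\alice\Documents\~0001_payroll.docx`.toLowerCase(), // decoy file
]);

// Parse "<iso-time> pid=N proc=NAME op=OP path=P [new=P2]".
function parseEvent(line) {
  const m = /^(\S+) pid=(\d+) proc=(\S+) op=(\w+) path=(.+?)(?: new=(.+))?$/.exec(line.trim());
  if (!m) return null;
  return { ts: Date.parse(m[1]), pid: Number(m[2]), proc: m[3], op: m[4],
           path: m[5], newPath: m[6] || null };
}

// Extension of the file name, lower-cased, including the dot ("" if none).
function extOf(p) {
  const base = p.slice(p.lastIndexOf("\\") + 1);
  const dot = base.lastIndexOf(".");
  return dot > 0 ? base.slice(dot).toLowerCase() : "";
}

// If a rename keeps the file's stem but ends in a different extension
// (report.docx -> report.docx.aris or report.aris), return the new extension.
function newExtension(oldPath, newPath) {
  const a = oldPath.toLowerCase();
  const b = newPath.toLowerCase();
  const stem = a.slice(0, a.length - extOf(a).length);
  const ext = extOf(b);
  return ext && ext !== extOf(a) && b.startsWith(stem) ? ext : null;
}

function detectRansomwareActivity(lines) {
  const alerts = [];
  const recent = new Map();   // "pid|ext" -> timestamps inside the window
  const reported = new Set(); // bursts already alerted on
  for (const line of lines) {
    const ev = parseEvent(line);
    if (!ev) continue; // skip blank or malformed lines
    // Rule 1: nothing legitimate should modify a decoy file.
    const touched = [ev.path, ev.newPath].filter(Boolean).map((p) => p.toLowerCase());
    if (ev.op !== "READ" && touched.some((p) => CANARY_PATHS.has(p))) {
      alerts.push({ rule: "canary-modified", pid: ev.pid, proc: ev.proc });
    }
    // Rule 2: one process renaming many files to the same new extension.
    if (ev.op !== "RENAME" || !ev.newPath) continue;
    const ext = newExtension(ev.path, ev.newPath);
    if (!ext) continue;
    const key = ev.pid + "|" + ext;
    const times = (recent.get(key) || []).filter((t) => ev.ts - t <= WINDOW_MS);
    times.push(ev.ts);
    recent.set(key, times);
    if (times.length >= BURST_MIN && !reported.has(key)) {
      reported.add(key);
      alerts.push({ rule: "rename-burst", pid: ev.pid, proc: ev.proc, ext, count: times.length });
    }
  }
  return alerts;
}

// Constructed sample log (not real telemetry).
const SAMPLE_LOG = String.raw`
2022-03-01T10:00:00Z pid=4120 proc=winword.exe op=WRITE path=C:\Users\alice\Documents\report.docx
2022-03-01T10:00:05Z pid=4120 proc=winword.exe op=RENAME path=C:\Users\alice\Documents\draft.docx new=C:\Users\alice\Documents\final.docx
2022-03-01T10:02:00Z pid=7788 proc=update.exe op=RENAME path=C:\Users\alice\Documents\budget.xls new=C:\Users\alice\Documents\budget.xls.aris
2022-03-01T10:02:01Z pid=7788 proc=update.exe op=RENAME path=C:\Users\alice\Documents\photo.jpg new=C:\Users\alice\Documents\photo.jpg.aris
2022-03-01T10:02:02Z pid=7788 proc=update.exe op=RENAME path=C:\Users\alice\Documents\~0001_payroll.docx new=C:\Users\alice\Documents\~0001_payroll.docx.aris
2022-03-01T10:02:03Z pid=7788 proc=update.exe op=RENAME path=C:\Users\alice\Documents\notes.txt new=C:\Users\alice\Documents\notes.txt.aris
`.split("\n");

console.log(detectRansomwareActivity(SAMPLE_LOG));
```

The decoy rule fires on the first touch of the canary file, before the rename count reaches the burst threshold, which is the early warning a response process needs to isolate the host.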
PREVENTION PLAN FOR RANSOMWARE
The harm caused by ransomware is endless. What's more, ransomware targets organizations as well as individuals, which may cause an increase in serious problems due to the infection of sensitive files. The ransomware corrupts all files on the PC. It is important to keep software up to date to protect it from attacks. Especially for Flash, through which ransomware can penetrate, it is recommended to set up automatic updates. The second is to use reliable antivirus software with regular updates. Antivirus can detect and prevent ransomware and other malware infections; however, files that are already infected and encrypted cannot be decrypted. It is likewise important to ensure that the antivirus is checked repeatedly and the engine is kept continually updated [17]. Third is the practice of routinely backing up important files. It is recommended to back up data to secure storage devices such as USB drives, external hard drives, or the cloud; this does not include the PC's internal drives. If you are infected with ransomware and your important files are encrypted, you can restore the files that have been backed up after formatting [21-23]. Table 2 shows the decrypters for the ransomware attacks.
A. Algorithm For Prevention

    Procedure Main
    {
        Download (system activities)
        While Download = False do
            Result (Static Detection)
            If Result = 0, then
                Result Status (Dynamic Detection)
                For i in number of Status do
                    If Status = True, then
                        Result[i] = Ransomware
                    Else
                        Displaymsg = Not a Ransomware
            Else
                Displaymsg = Clean
    }

Table 2. Decrypter by Ransomware Attacks

NO. | PARTITION      | DECRYPTER
1   | CTB LOCKER     | MALWAREBYTES
2   | TESLA CRYPT    | MALWAREBYTES
3   | TORRENT LOCKER | KASPERSKY
4   | CRYPTOWALL     | MALWAREBYTES
5   | CRYPTO LOCKER  | MALWAREBYTES
6   | NSB LOCKER     | KASPERSKY
7   | WANNACRY       | MALWAREBYTES
8   | REVETON        | KASPERSKY
9   | SPORA          | MALWAREBYTES

MODE OF PAYMENT FOR RANSOM PLAN
First of all, it is important to note that certain ransomware issues the victim a 72-hour warning. If the specified time is exceeded, the ransom will increase. In most cases, the method of paying the ransom is determined by the hacker's choice. It is possible that, over time, payment methods will continue to undergo tremendous changes. For example, early ransomware victims had to pay the ransom with so-called traveler's checks until the late 1990s. Subsequently, an innovation created in 2009 by a computer scientist and cryptographer named Satoshi Nakamoto introduced a distinctive digital currency, generally known as Bitcoin [24]. Since its introduction, hackers have begun to use it. For anonymous parties, it is untraceable, secure, and reliable (Kshetri and Voas, 2017). Payment methods have included iTunes and Amazon gift vouchers; these two payment methods are no longer considered at this time (Olenik, 2016). Recently, the success of ransomware as an illegal revenue strategy has been driven by the development of new electronic cryptocurrencies [18]. Bitcoin [19] is the most popular digital currency today, although the number of transactions with other blockchains (such as EOS) is much higher. Bitcoin has reached quality and inevitably guarantees users a fully decentralized currency [25].
REASONS FOR RANSOMWARE ATTACKS
It is believed that recent multi-target ransomware activity was triggered by insider threats or a corrupt workforce. According to a report, 90% of organizations today are vulnerable to malicious insider threats (Insider Threat Report, 2018). External hackers use phishing emails or other kinds of attacks to damage the organization's reputation. In some of the above cases, the adversary successfully launched an attack using insider permissions (Cohen, 2018). However, researchers have analyzed many ransomware use cases and found that one of the likely reasons for ransomware attacks is the lack of regular system vulnerability patching. Furthermore, the lack of a proper security policy on the part of management is likewise a relevant factor. Be sure of the report. In WannaCry patients. Table 3 lists other indisputable factors. All software should be updated, and the use of older software versions should be stopped. It is important to update your software regularly. Another important factor is phishing: received emails should be analyzed to determine what is safe, which also makes it more difficult to send spam.
Tox: This is a free toolkit for building your software and
running Tox on Tor, requiring very little technical knowledge.
There are only three steps to creating your ransomware: enter
the amount you want to get from the victim. Provide a "reason"
to warn the victim. In the final stage, you will be asked to enter
a verification code, and then click "Create".
Table 3. Reasons For Ransomware Attacks

Normal Reasons For Ransomware Attacks
1. Lack of Staff/Employee Training
2. Lack of Guide from top control Leadership
3. Staff negligence
4. Using pirated softwares and applications
5. Inadequate security infrastructure
6. Bad security policies

METHODS AND TECHNIQUES FOR RANSOMWARE ATTACKS
A. Deploy Firewalls with IDS/IPS
By deploying an active firewall with the ability to detect and block intruders, and then supplying it with the latest signatures, administrators are likely to detect and break the connection between the ransomware and the command and control server (Brodsky, 2017; Dawes, 2017; Harpur, 2017; Saurbaugh and Liska, 2017). In addition, users can apply spam filtering and Web gateway filtering at the same time to improve security.
B. Deploy Heuristic Detection Solutions
There are many solutions you can use to find ransomware. Choosing a heuristic solution for detection may bring other benefits to users. Heuristic decision-making can learn and adapt to any situation; its learning ability sets it apart. Therefore, it is wise to use tools and solutions that identify known and unknown variants of the ransomware family and affirm possible. Provide your source with the most recent signature of the new ransomware variant (Harpur, 2017; Reavis and Nielsen, 2017).
C. Monitor Events and System Logs
Event logs are very useful and valuable in solving network security problems. Monitoring events and logs helps to identify many ransomware operations and prevent further harm. Nevertheless, security experts believe that many security disasters are caused by reluctance to analyze event logs. Therefore, set up log filters and monitors to watch the system's activity for violations or suspicious actions (Ambre, Shekokar, 2015; Brodsky, 2017; Grimes, 13AD).
D. Traffic Analytics
Traffic analytics is a cloud-based solution that is used to track and trace events on network resources. For DNS, it is especially valuable when a violation is detected, particularly when an attack happens and a connection is established with a wrongly positioned command and control server. The delay in the communication chain prevented the attack (Robert Lemos, n.d.). It has also been adopted by third-party cloud providers, such as Azure. You can use it with Virtual Network and Network Watcher.
E. Deploy Honeypot
A honeypot is a kind of network decoy used to actively detect suspicious network activity in order to avoid real damage (2017). Decoys are not designed to prevent ransomware attacks. Rather, they sit on the front line, giving administrators an early indication of what is about to happen. Consequently, deploying decoys can give administrators the time and ability to quickly shut down PCs and network devices before they become infected [20].
RESULTS AND DISCUSSION
Table 1 shows the latest research on ransomware. For the different types of ransomware, the table lists the encryption technologies, the protocols, the main targets of the ransomware that caused the infection, and the size of the ransom required to recover the infected system, based on viewing and researching other articles. Based on the list in the table, it can be concluded and discussed how such ransomware can be avoided. Table 3 summarizes the most common causes of ransomware attacks, mainly through vulnerabilities or weak points. This article introduces the most common causes and suggests prevention methods. Most of the research has been done on the Windows platform. In addition, this article briefly outlines various ransomware, such as WannaCry, Spora, CryptoWall, etc. Different types of ransomware that affect the system are seen here, most frequently ransomware sent via phishing emails. To solve this problem in the future, email checking tools or software are created. The system scans all emails and deletes phishing emails.
CONCLUSION
Ransomware is a type of malicious software that infects PC or Windows server systems, restricts access, and demands a payment for recovery. Ransomware includes CryptoLocker, NsbLocker, CTBLocker, Spora, and so on. Ransomware infection can occur in various ways: while visiting poorly secured websites, or through spam and spear phishing, file sharing sites, and social media. In order to protect our systems from ransomware, all software should always be updated to the latest version. Regular backups of important files should also be made, and users can improve their vigilance or security awareness by mastering computer knowledge. A program is also used to check for phishing emails. Additionally, a Chrome extension is made to detect phishing emails. It is JavaScript code that fetches the links in the email:
<a href='actuallink'>visuallink</a>.
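One way to implement the link check the conclusion describes, comparing the visible link text with the real href target, written here as an added example (it is not the authors' Chrome extension code). The regex-based anchor extraction, the reason labels and the sample email are assumptions; a browser extension would read the anchors from the DOM instead.

```javascript
// Added example (not the paper's extension): compare what a link shows with where it goes.
const IPV4_HOST = /^\d{1,3}(\.\d{1,3}){3}$/;
const LOOKS_LIKE_HOST = /^[a-z0-9-]+(\.[a-z0-9-]+)+(?=[\/:?#]|$)/i;

// Return [{ href, text }] for every <a href=...>...</a> in an HTML string.
function extractAnchors(html) {
  const re = /<a\b[^>]*?\shref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>([\s\S]*?)<\/a>/gi;
  const anchors = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const href = (m[1] ?? m[2] ?? m[3] ?? "").trim();
    const text = m[4].replace(/<[^>]*>/g, "").replace(/\s+/g, " ").trim();
    anchors.push({ href, text });
  }
  return anchors;
}

function normalizeHost(hostname) {
  return hostname.toLowerCase().replace(/^www\./, "");
}

// Host named by the visible text, or null when the text is not URL-like
// ("Click here" names no host, so there is nothing to compare).
function hostFromText(text) {
  const s = text.trim();
  let candidate;
  if (/^https?:\/\//i.test(s)) candidate = s;
  else if (LOOKS_LIKE_HOST.test(s)) candidate = "http://" + s;
  else return null;
  try { return normalizeHost(new URL(candidate).hostname); } catch { return null; }
}

// Return one finding per suspicious link, with the reasons it was flagged.
function analyzeEmailLinks(html) {
  const findings = [];
  for (const { href, text } of extractAnchors(html)) {
    const reasons = [];
    let url = null;
    try { url = new URL(href); } catch { reasons.push("unparseable-href"); }
    if (url && url.protocol !== "mailto:") {
      if (url.protocol !== "http:" && url.protocol !== "https:") {
        reasons.push("unusual-scheme");
      } else {
        const hrefHost = normalizeHost(url.hostname);
        const textHost = hostFromText(text);
        // Visible text names one host, the link goes to another (subdomains allowed).
        if (textHost && hrefHost !== textHost && !hrefHost.endsWith("." + textHost)) {
          reasons.push("text-host-mismatch");
        }
        if (IPV4_HOST.test(hrefHost)) reasons.push("ip-literal-host");
        // "https://trusted@other/" shows a trusted name but connects to "other".
        if (url.username) reasons.push("userinfo-in-url");
        // Non-ASCII look-alike characters surface as punycode labels.
        if (hrefHost.split(".").some((l) => l.startsWith("xn--"))) reasons.push("punycode-host");
      }
    }
    if (reasons.length > 0) findings.push({ href, text, reasons });
  }
  return findings;
}

// Constructed sample email body (hosts use reserved example names and addresses).
const SAMPLE_EMAIL = `
<p>Dear customer, please confirm your account:</p>
<a href="https://mybank.example/login">https://mybank.example/login</a>
<a href='http://198.51.100.7/verify'>www.mybank.example</a>
<a href="https://mybank.example@evil.test/reset">Reset your password</a>
<a href="https://accounts.mybank.example/help">mybank.example</a>
<a href="https://myb\u0430nk.example/">mybank.example</a>
`;

console.log(JSON.stringify(analyzeEmailLinks(SAMPLE_EMAIL), null, 2));
```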
REFERENCES
[1] H. Y. Kim, D. J. Kang & Y. Yeom, “Dynamic ransomware protection
using deterministic random bit generator”, IEEE Conference on
Application, Information and Network Security (2017). DOI :
10.1109/ains.2017.8270426
[2] Gavin O’Gorman and Geoff McDonald, “Ransomware: A growing
menace”, Symantec Corporation (2012)
[3] Amin Kharaz, Sajjad Arshad, Collin Mulliner, William Robertson, and
Engin Kirda, “UNVEIL: A Large-Scale, Automated Approach to
Detecting Ransomware, 25th USENIX Security Symposium USENIX
Security 16”, USENIX Association, 757–772 (2016)
[4] M. Dave, http://pop.riverpublishers.com/opinions.php?id=4, Beware Ransomware! River Publisher (2016). DOI: 10.13052/popcas004
[5] Seth D. Kunin, “Juggling Identities: Four Ideal Types of Crypto-Jewish
Identity”, USA: Columbia University Press, 114-145 (2009)
[6] Richardson, Ronny, and North, Max M, “Ransomware: Evolution,
mitigation, and prevention, International Management Review”, 13, 1,
10, (2017)
[7] Kharraz, W. Robertson, D. Balzarotti, L. Bilge, E. Kirda, “Cutting the
gordian knot: A look under the hood of ransomware attacks”, 12th
Conference on Detection of Intrusions and Malware & Vulnerability
Assessment (DIMVA 2015), July 9-10, 2015, Milan, Italy.
[8] P. T. N, Scaife, H, Carter, K. R. Butler, “Cryptolock (and drop it):
Stopping ransomware attacks on user data”, In 2016 IEEE 36th
International Conference on Distributed Computing Systems, 303-312
(2016)
[9] Seth D. Kunin, “Juggling Identities: APT attacks and Countermeasures”,
USA: Columbia University Press (2009)
[10] A. K. Sood & R. Enbody, “Targeted cyberattacks: a superset of
advanced persistent threats”, IEEE security & privacy, 11(1), 54-61
(2012). DOI: 10.1109/msp.2012.90
[11] Palisse, A., Le Bouder, H., Lanet, J.-L., Le Guernic, C., Legay, A.,
“Ransomware and the legacy crypto API”, In: Proceedings of the
International Conference on Risks and Security of Internet and Systems.
Springer, 11–28 (2016)
[12] Cimpanu, C., “Spora ransomware works offline, has the most
sophisticated payment site as of yet”, Bleeping Computer (2017).
https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/.
Accessed Dec 2018
[13] C. P. Pramod & M. Jaiswal, “An advanced AES algorithm using swap
and 400 bit data block with flexible S-Box in Cloud Computing”, 2017
3rd International Conference on Computing, Communication and
Automation (ICCCA). IEEE: India (2017). DOI: 10.1109/ccaa.2017.8229888
[14] Y. Jeong, Y. Yon & J. Ku, “Hash-chain-based IoT authentication
scheme suitable for small and medium enterprises”, Convergence
Society for SMB, 7(4), 105-111 (2017). DOI: 10.22156/cs4smb.2017.7.4.105
[15] M. S. Wamser & G. Sigl, “Pushing the limits further : Sub-atomic AES.
2017 IFIP/IEEE International Conference on Very Large Scale
Integration (VLSI-SoC)”, IEEE: United Arab Emirates (2017). DOI:
10.1109/vlsi-soc.2017.8203470
[16] Monika; Zavarsky, P.; Lindskog, D., “Experimental Analysis of
Ransomware on Windows and Android Platforms: Evolution and
[17] Characterization”, Procedia Comput. Sci. 2016, 94, 465–472 (2016)
[18] P. S. Shin, J. M. Kim, “Security and Hacking on Wireless Networking
for Small and Medium Business : Survey”, Journal of Convergence for
Information Technology, 4(3), 15-20 (2014).
[19] Conti, M.; Gangwal, A.; Ruj, S., “On the Economic Significance of
Ransomware Campaigns: A Bitcoin Transactions Perspective”, Comput.
Secur (2018)
[20] Hernandez-Castro, J.; Cartwright, E.; Stepanova, A., “Economic
Analysis of Ransomware” arXiv 2017,arXiv:1703.06660.
[21] Moore, C., “Detecting Ransomware with Honeypot Techniques” In
Proceedings of the 2016 Cybersecurity and Cyberforensics Conference
(CCC), 77–81, Amman, Jordan, 2–4 August 2016.
[21] P. Prabu and S. Duraisamy, “Impact of Pair Programming for Effective
Software Development Process.” Research India Publications,
International Journal of Applied Engineering Research, vol. 10,
pp.18969-18986, 2015.
[22] B. Kirubandand and P. Prabu, “Hybrid Server With Zigbee Technology
Using Job Scheduling And Queuing Petrinet.”, International Journal of
Research and Technology, vol. 3, pp. 123-130, 2016.
[23] Senthilnathan, T., Prabu, P., Sivakumar, R. et al, “An enhancing
reversible data hiding for secured data using shuffle block key encryption and
histogram bit shifting in cloud environment”, Cluster Computing vol.22, pp.
12839–12847, 2019.
[24] Steffi Veientlena,P. Prabu, “ Prevalence Of Hypertension And
Determination Of Its Risk Factors In Korangrapady, Udupi District, Coastal
Karnataka, India”,Asian Journal of Pharmaceutical and clinical Research, vol
.11, pp. 517-521, 2018.
[25] Charvi Wadhwa; P. Prabu, “ An empirical analysis of ICT tools with
gamification for the Indian school education system”, International Journal of
Enterprise Network Management ,vol .12, pp. 258-274, 2021.