Ransomware Analysis using Cyber Kill Chain
The havoc caused by ransomware in the recent past is far greater than that caused by any other form of malware. Victims of this specific form of malware include, but are not limited to, SMEs, large organizations, and government infrastructure. Most of these ransomware strains exploit zero-day vulnerabilities and quite easily bypass conventional security mechanisms, which means that even modern security mechanisms are surpassed by these weaponised pieces of code. This paper presents a thorough analysis of four different and quite lethal ransomware: Petya, Mamba, Cerber, and WannaCry. The unique and common features of these four malware were identified by implementing Cyber Kill Chain phases. The common features extracted from these ransomware can be used to train analysts to identify a ransomware attack in its early stages and block any damage it can cause, thus providing future analysts with features to identify and enabling a more proactive and apt response when dealing with future malware threats.