I2CE3: A dedicated and separated attack chain for ransomware offenses as the most infamous cyber extortion

Abstract: “All of your files have been encrypted!”, “Your device has been locked!”, and similar messages are now often seen in the cyber world. Motivated by recent advances in technology, ransomware attacks have soared in volume, versatility, and intricacy. This attack has created a lucrative trade by holding users’ resources, whether data or non-data, hostage and demanding a ransom for their release. Furthermore, it has begun to camouflage other malware in many cyber-attacks. As a result, approaches to defeat this threat need to be designed. Understanding the attack cycle and having an exhaustive taxonomy of ransomware, especially of the associated technologies, can help in developing security measures at the various parts of the attack flow. This paper provides a comprehensive taxonomy of ransomware and digital extortion threats. A discrete and dedicated attack chain called I2CE3 is proposed for ransomware regardless of its subcategories. The proposed chain comprises six consecutive phases that ransomware species go through to succeed in an attack. The paper then elaborates on the role of all technologies involved in each phase. Finally, existing studies and security solutions are considered and categorized according to the proposed chain.
