Unveiling the Dark Web and the Impact of REvil\u27s Cyberattacks

The United States Navy originally created the Dark Web for intelligence purposes, but it was later promoted by Western countries as a tool for safeguarding privacy and anonymity. Currently, the Dark Web serves as a platform for deliberate information leaks by nations that want to keep certain information out of the mainstream media. This paper provides an overview of the dark web and the browser used to access it. It covers the layers of the internet and highlights REvil ransomware and some of its technical details. By understanding these risks, users can take appropriate preventive measures to protect themselves from potential threats. Additionally, the paper examines the different types of criminal activities and incidents that occur on the dark web, such as the sale of illegal goods and services, cybercrime, and identity theft. This information serves as a wake-up call for readers to become aware of the potential dangers of the dark web and take steps to avoid becoming victims of these criminal activities

Analysis of encryption schemes in modern ransomware

In the past few years, activity of ransomware increased. As new variants and families of ransomware are developed, security systems have to keep up. Well designed encryption system is at the heart of ransomware and even a small mistake in the algorithm can break it. This paper analyzes 10 ransomware samples from various families. The goal of the analysis is to describe encryption schemes used in current ransomware. This includes key generation and storage, symmetric and asymmetric ciphers and their chosen implementation

Predictors of Ransomware From Binary Analysis

Ransomware, a type of malware that extorts payment from a victim by encrypting her data, is a growing threat that is becoming more sophisticated with each generation. Attackers have shifted from targeting individuals to entire organizations, raising extortions from hundreds of dollars to hundreds of thousands of dollars. In this work, we analyze a variety of ransomware and benign software binaries in order to identify indicators that may be used to detect ransomware. We find that several combinations of strings, cryptographic constants, and a large number loops are key indicators useful for detecting ransomware

New directions in the ransomware phenomenon

Ransomware is a type of malware that blocks an user’s access to files and requests him/her a ransom. The main approach of an attacker is to encrypt the user’s files and give him/her the decrypting tool only after he/she pays the requested amount of money. The payment is usually done in difficult to trace currencies. In this paper, we provide a review of the ransomware phenomenon, making a clear distinction between the threats before and after WannaCry (which appeared in May 2017). Initially, we give two taxonomy examples from the literature and one designed by us. The first two taxonomies use ”Platform”, ”Cryptosystem”/”Crypto”, ”Severity”, ”Attack” and ”Target” as criteria (the terms appear in one of them or both), but we have chosen ”Target Zone”, ”Propagation”, ”Payment” and ”Weakness”. We further describe/compare ransomware programs, taking into account several aspects including how they work (e.g., encryption methods), whom they target (e.g., individuals/organizations), what impact they have and what weaknesses can be used to provide countermeasures (besides the general prevention techniques that we mention briefly)

Trends in design of ransomware viruses

The ransomware nightmare is taking over the internet impacting common users,small businesses and large ones. The interest and investment which are pushed into this market each month, tells us a few things about the evolution of both technical and social engineering and what to expect in the short-coming future from them. In this paper we analyze how ransomware programs developed in the last few years and how they were released in certain market segments throughout the deep web via RaaS, exploits or SPAM, while learning from their own mistakes to bring profit to the next level. We will also try to highlight some mistakes that were made, which allowed recovering the encrypted data, along with the ransomware authors preference for specific encryption types, how they got to distribute, the silent agreement between ransomwares, coin-miners and bot-nets and some edge cases of encryption, which may prove to be exploitable in the short-coming future

Malware Detection and Prevention

Malware first appeared in 1971, before broadband internet even existed. The first variations began with people just testing what they could do and were not malicious. Eventually, that time came to an end once cybercriminals began to realize that they could wreak havoc and profit from creating malware. Almost at the same time, cybersecurity was created to help combat these viruses and malicious attacks by cybercriminals. This project paper will dive into the technical issues that arise from malware detection and prevention. It starts with defining malware and goes over the history of malware from its birth to today. Then this paper will list all of the different variations of malware and the processes they execute to break into systems and propagate. Next, it goes over the different variations of malware defenses, starting with antivirus software. The paper will define antivirus software and how it functions as well as provide a history. Then it will dive into cryptographic defenses to define, provide history, and explain the methods employed by cryptography. Finally, it will go over firewalls explaining how they function and their history. Malware will never cease to exist, so it is highly important to consider what computer and network technologies you should employ to protect yourself. This paper isn’t just to dismiss malware but to help people understand better how these technologies can work to prevent malware attacks both during and before the attack even happens. Key Words: Malware, Antivirus Software, Cryptography, Firewall, Key, Cipher, Gatewa

Ransomware anti-analysis and evasion techniques: a survey and research directions

Ransomware has been proven to constitute a severe threat to the world's digital assets. Resources or devices' recovery from a Crypto-Ransomware infection is practically infeasible unless an error in the malicious cryptographic implementation has been made, as robust encryption is irreversible. This paper attempts to justify as to why designing and deploying an effective and efficient detective solution against this particular malware category represents a formidable technical challenge. The paper starts with a recent presentation of the Ransomware's epidemic, as reported by the security industry. Subsequently, a taxonomy of Ransomware is presented. The anatomy of the malware's invariant intrusions and infection vectors are illustrated. In addition, the paper navigates and analyzes the various anti-analysis and evasive techniques that are deployable by Ransomware. In every context enumerated in the narrative, the technical difficulty being posed by this malware is illuminated. If a computer security researcher intends to devise a Crypto-Ransomware's preventive solution or a predictive or proactive one, then it is imperative to have a sound perception of the technical challenges that will manifest prior to launching the proposed research project - so as to be equipped to tackle the anticipated problems. This paper concludes with an advance notice underscoring the resilience of Ransomware intrusions and highlighting research open-problems