Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

WannaCry Malware Analysis


Affiliations
1 Tilak Maharashtra Vidyapeeth, Pune, India
2 Founder Sedulity Solutions and Technologies, India
     

   Subscribe/Renew Journal


In business scenarios today, the most precious asset is computer systems and the data which is stored in them. Attackers are well aware of this fact and that is the reason why they can easily make money by holding this data at ransom. This is the reason why ransomware form of malware is on constant rise and is threatening businesses. WannaCry is one such ransomware which recently caused great havoc in many countries, affecting public amenities like health, in addition to causing huge monetary losses and losses to data. In this paper we will analyze wannacry in detail to understand its architecture, working, damages it caused and how the kill-switch worked to stop the damages for some time. We will also understand the various precautions to be taken to be protected from such ransomware in the future.

Keywords

Ransomware, WannaCry, SMB Vulnerability, Doublepulsar, Bitcoins, TOR.
User
Subscription Login to verify subscription
Notifications
Font Size

  • Certin, M. (2017, May 13) . Wannacry/WannaCrypt Ransomware. Retrieved from Cyber Swachhta Kendra Website: http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html
  • Cert,E. (2017). WannaCry Ransomware Campaign Exploiting SMB Vulnerability. Retrieved from Cert Europa Website: https://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU-SA2017012.pdf
  • Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals your phone. Formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer International Publishing.
  • Klosowski ,T. (2014, Feb 2). What is Tor and Should I Use it. Retrieved from http://lifehacker.com/
  • McNeil,A.(2017, May 19). How did the WannaCry Ransomware Spread? Retrieved from https://blog.malwarebytes.com/
  • Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312).IEEE.
  • Gazet, A. (2010). Comparative analysis of various ransomware virii. Journal in computer virology, 6(1), 77-90.
  • Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer International Publishing.
  • Andronio, N., Zanero, S., & Maggi, F. (2015, November). HelDroid: Dissecting and detecting mobile ransomware. In International Workshop on Recent Advances in Intrusion Detection (pp. 382-404). Springer International Publishing.
  • Sterling, B.(2017,April 4). Double Pulsar NSA Leaked Hacks in the Wild. Retrieved from https://www.wired.com/beyond-the-beyond/2017/04/double-pulsar-nsa-leaked-hacks-wild/

Abstract Views: 683

PDF Views: 7




  • WannaCry Malware Analysis

Abstract Views: 683  |  PDF Views: 7

Authors

Navneet Kaur Popli
Tilak Maharashtra Vidyapeeth, Pune, India
Anup Girdhar
Founder Sedulity Solutions and Technologies, India

Abstract


In business scenarios today, the most precious asset is computer systems and the data which is stored in them. Attackers are well aware of this fact and that is the reason why they can easily make money by holding this data at ransom. This is the reason why ransomware form of malware is on constant rise and is threatening businesses. WannaCry is one such ransomware which recently caused great havoc in many countries, affecting public amenities like health, in addition to causing huge monetary losses and losses to data. In this paper we will analyze wannacry in detail to understand its architecture, working, damages it caused and how the kill-switch worked to stop the damages for some time. We will also understand the various precautions to be taken to be protected from such ransomware in the future.

Keywords


Ransomware, WannaCry, SMB Vulnerability, Doublepulsar, Bitcoins, TOR.

References





DOI: https://doi.org/10.25089/MERI%2F2017%2Fv10%2Fi2%2F151167