- Title
- A comparative study of CERBER, MAKTUB and LOCKY Ransomware using a Hybridised-Malware analysis
- Creator
- Schmitt, Veronica
- ThesisAdvisor
- Irwin, Barry
- Subject
- Microsoft Windows (Computer file)
- Subject
- Data protection
- Subject
- Computer crimes -- Prevention
- Subject
- Computer security
- Subject
- Computer networks -- Security measures
- Subject
- Computers -- Access control
- Subject
- Malware (Computer software)
- Date
- 2019
- Type
- text
- Type
- Thesis
- Type
- Masters
- Type
- MSc
- Identifier
- http://hdl.handle.net/10962/92313
- Identifier
- vital:30702
- Description
- There has been a significant increase in the prevalence of Ransomware attacks in the preceding four years to date. This indicates that the battle has not yet been won defending against this class of malware. This research proposes that by identifying the similarities within the operational framework of Ransomware strains, a better overall understanding of their operation and function can be achieved. This, in turn, will aid in a quicker response to future attacks. With the average Ransomware attack taking two hours to be identified, it shows that there is not yet a clear understanding as to why these attacks are so successful. Research into Ransomware is limited by what is currently known on the topic. Due to the limitations of the research the decision was taken to only examined three samples of Ransomware from different families. This was decided due to the complexities and comprehensive nature of the research. The in depth nature of the research and the time constraints associated with it did not allow for proof of concept of this framework to be tested on more than three families, but the exploratory work was promising and should be further explored in future research. The aim of the research is to follow the Hybrid-Malware analysis framework which consists of both static and the dynamic analysis phases, in addition to the digital forensic examination of the infected system. This allows for signature-based findings, along with behavioural and forensic findings all in one. This information allows for a better understanding of how this malware is designed and how it infects and remains persistent on a system. The operating system which has been chosen is the Microsoft Window 7 operating system which is still utilised by a significant proportion of Windows users especially in the corporate environment. The experiment process was designed to enable the researcher the ability to collect information regarding the Ransomware and every aspect of its behaviour and communication on a target system. The results can be compared across the three strains to identify the commonalities. The initial hypothesis was that Ransomware variants are all much like an instant cake box consists of specific building blocks which remain the same with the flavouring of the cake mix being the unique feature.
- Format
- 174 pages, pdf
- Publisher
- Rhodes University, Faculty of Science, Computer Science
- Language
- English
- Rights
- Schmitt, Veronica
- Hits: 7723
- Visitors: 9277
- Downloads: 1749
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCE1 | SCHMITT-MSc-TR19-117.pdf | 3 MB | Adobe Acrobat PDF | View Details |