• The Evolution of Ransomware Variants

      Wood, Ashley; Eze, Thaddeus
      Abstract: This paper investigates how ransomware is continuing to evolve and adapt as time progresses to become more damaging, resilient and sophisticated from one ransomware variant to another. This involves investigating how each ransomware sample, including Petya, WannaCry and CrySiS/Dharma, interacts with the underlying system to impact both the system's functionality and its underlying data, by utilising several static and dynamic analysis tools. Our analysis shows that, whilst ransomware is undoubtedly becoming more sophisticated, fundamental problems exist with its underlying encryption processes, which have shown data recovery to be possible across all three samples studied, whilst varying aspects of system functionality can be preserved or restored in their entirety.
    • Talos: a prototype Intrusion Detection and Prevention system for profiling ransomware behaviour

      Wood, Ashley; Eze, Thaddeus; Speakman, Lee; University of Chester (Academic Conferences International, 2021-06-24)
      Abstract: In this paper, we profile the behaviour and functionality of multiple recent variants of WannaCry and CrySiS/Dharma, through static and dynamic malware analysis. We then analyse and detail the commonly occurring behavioural features of ransomware. These features are utilised to develop a prototype Intrusion Detection and Prevention System (IDPS) named Talos, which comprises several detection mechanisms/components. Benchmarking is later performed to test and validate the performance of the proposed Talos IDPS system, and the results are discussed in detail. It is established that the Talos system can successfully detect all ransomware variants tested, in an average of 1.7 seconds, and instigate remedial action in a timely manner following first detection. The paper concludes with a summary of our main findings and a discussion of potential future work which may be carried out to allow the effective detection and prevention of ransomware on systems and networks.