Ransomware is a malware that either encrypts files with specific extension on the system or locks the user out of the system demanding for the ransom in exchange of decryption key. The approach used here is to assess numerous aspects of ransomware so as to comprehend different techniques utilized by it. Ransomware has rapidly affected individuals, public and private organizations across the globe. This occurs due to system flaws and lack of recovery mechanisms. The challenging part is to recover vital data from the encrypted files. This has created severe security issues to companies of all sizes as several have lost valuable data and business proprietary information. Considering the above information, this research paper aims at examining the characteristics of a Microsoft Windows-based ransomware and potential recovery of encrypted files from the ransomware affected system. The sample was examined in an isolated environment using static and dynamic analysis techniques with open source tools. The results were encouraging as we were able to recover encrypted files with specific extensions.

Vipasana Ransomware, Ransomware Forensics, Ransomware Analysis, Offline Ransomware, Static Analysis, Dynamic Analysis

[1] A. Bhardwaj, V. Avasthi, H. Sastry, G. V. B. Subrahmanyam, “Ransomware Digital Extortion: A Rising New Age Threat”, Indian Journal of Science and Technology, Vol.9, Issue.14, 2016.
[2] A. Ali, “Ransomware: a research and a personal case study of dealing with this nasty malware”, Issues in Informing Science and Information Technology, Vol.14, pp.087-099, 2017.
[3] C. Everett, “Ransomware: to Pay or Not to Pay?” Computer Fraud & Security, Vol.2016, Issue.4, pp.8–12, 2016.
[4] A. Kharraz, W. Robertson, D. Balzarotti, L. Bilge, E. Kirda, “Cutting the gordian knot: A look under the hood of ransomware attacks”, In: M. Almgren, V. Gulisano, F. Maggi (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2015. Lecture Notes in Computer Science, Springer, Cham, Vol.9148, pp. 3-24, 2015.
[5] S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, R. Khayami, “Know abnormal, find evil: frequent pattern mining for ransomware threat hunting and intelligence”, IEEE Transactions on Emerging Topics in Computing, pp. 1–1, 2017.
[6] E. Kirda, “UNVEIL: a large-scale, automated approach to detecting ransomware (keynote)”, In Software Analysis, Evolution and Reengineering (SANER-2017) IEEE 24th International Conference, pp.1-1, 2017.
[7] K. Cabaj, M. Gregorczyk, W. Mazurczyk, “Software-Defined Networking-Based Crypto Ransomware Detection Using HTTP Traffic Characteristics”, Computers & Electrical Engineering, Vol.66, pp.353–368, 2018.
[8] J. K. Lee, S. Y. Moon, J. H. Park, “CloudRPS: a Cloud Analysis Based Enhanced Ransomware Prevention System”, The Journal of Supercomputing, Vol.73, Issue.7, pp.3065–3084, 2017.
[9] A. Gazet, “Comparative Analysis of Various Ransomware Virii”, Journal in Computer Virology, Vol.6,Issue.1,pp.77–90, 2010.
[10] V. U. Bala, B.D.C.N.Prasad "A Study on- Identifying and Evading Ransomware (Ransomware)", SSRG International Journal of Computer Science and Engineering (SSRG - IJCSE), Vol.5, Issue.2,pp.9-13, 2018
[11] S. Mohurle, M. Patil, “A brief study of wannacry threat: Ransomware attack 2017”, International Journal, Vol.8, Issue.5, pp.1938-1940, 2017.
[12] “North Korea Blamed for WannaCry, PoS Attacks and Bitcoin Phishing”, Network Security, Vol.2018, Issue.1, pp.1-2, 2018.
[13] J. MacRae, V.N.L. Franqueira, “On Locky Ransomware, Al Capone and Brexit,” In: P. Matoušek, M. Schmiedecker (eds) Digital Forensics and Cyber Crime (ICDF2C 2017) Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Springer, Cham, Vol.216, pp.33-45, 2017.
[14] P. P. Kulkarni, T. Nafis, S.S. Biswas, “Preventive Measures and Incident Response for Locky Ransomware”, International Journal of Advanced Research in Computer Science, Vol.8, Issue.5, 2017.
[15] A. Zahra, M.A. Shah “IoT Based Ransomware Growth Rate Evaluation and Detection Using Command and Control Blacklisting”, In proceeding of 23rd International Conference on Automation and Computing (ICAC- 2017), pp.1-6, 2017.
[16] S. Berkenkopf, “Manamecrypt–a ransomware that takes a different route”, 2016. https://www.gdatasoftware.com/blog/2016/04/28234-manamecrypt-a-ransomware-that-takes-a-different-route.
[17] J. Li, D. Gu, Y. Luo, “Android malware forensics: Reconstruction of malicious events”, In proceeding of 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW-2012), IEEE, pp.552-558, 2012.
[18] M. Brand, C. Valli, A. Woodward, “Malware Forensics: Discovery of the Intent of Deception”, The Journal of Digital Forensics, Security and Law, Vol.5, Issue.4, pp.31, 2010.
[19] B. Ruttenberg, C. Miles, L. Kellogg, V. Notani, M. Howard, C. LeDoux, A. Lakhotia, Pfeffer, “Identifying Shared Software Components to Support Malware Forensics”, In: S. Dietrich (eds) Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA-2014), Lecture Notes in Computer Science, Springer, Cham, Vol.8550 , pp.21–40, 2014.
[20] Z. Deng, D. Xu, X. Zhang, X. Jiang, “Introlib: Efficient and transparent library call introspection for malware forensics”, Digital Investigation, Vol.9, pp.S13-S23, 2012.