
Comprehensive Analysis and Forensic Recovery of Vipasana Ransomware

Francis Byabazaire¹, Parag H. Rughani²

  1. Institute of Forensic Science, Gujarat Forensic Sciences University, Gandhinagar, India.
  2. Institute of Forensic Science, Gujarat Forensic Sciences University, Gandhinagar, India.

Section: Research Paper, Product Type: Journal Paper
Volume 6, Issue 4, Page no. 110-117, Apr-2018

CrossRef DOI: https://doi.org/10.26438/ijcse/v6i4.110117

Online published on Apr 30, 2018

Copyright © Francis Byabazaire, Parag H. Rughani. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


How to Cite this Paper

IEEE Style Citation: Francis Byabazaire, Parag H. Rughani, “Comprehensive Analysis and Forensic Recovery of Vipasana Ransomware,” International Journal of Computer Sciences and Engineering, Vol.6, Issue.4, pp.110-117, 2018.

MLA Style Citation: Francis Byabazaire, Parag H. Rughani "Comprehensive Analysis and Forensic Recovery of Vipasana Ransomware." International Journal of Computer Sciences and Engineering 6.4 (2018): 110-117.

APA Style Citation: Francis Byabazaire, Parag H. Rughani, (2018). Comprehensive Analysis and Forensic Recovery of Vipasana Ransomware. International Journal of Computer Sciences and Engineering, 6(4), 110-117.

BibTeX Style Citation:
@article{Byabazaire_2018,
author = {Francis Byabazaire and Parag H. Rughani},
title = {Comprehensive Analysis and Forensic Recovery of Vipasana Ransomware},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {4 2018},
volume = {6},
number = {4},
month = {4},
year = {2018},
issn = {2347-2693},
pages = {110-117},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=1854},
doi = {10.26438/ijcse/v6i4.110117},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY  - JOUR
DO  - 10.26438/ijcse/v6i4.110117
UR  - https://www.ijcseonline.org/full_paper_view.php?paper_id=1854
TI  - Comprehensive Analysis and Forensic Recovery of Vipasana Ransomware
T2  - International Journal of Computer Sciences and Engineering
AU  - Francis Byabazaire
AU  - Parag H. Rughani
PY  - 2018
DA  - 2018/04/30
PB  - IJCSE, Indore, INDIA
SP  - 110
EP  - 117
IS  - 4
VL  - 6
SN  - 2347-2693
ER  -


Abstract

Ransomware is malware that either encrypts files with specific extensions on a system or locks the user out of the system, demanding a ransom in exchange for the decryption key. The approach taken here is to assess numerous aspects of a ransomware sample in order to understand the different techniques it uses. Ransomware has rapidly affected individuals and public and private organizations across the globe. This occurs because of system flaws and a lack of recovery mechanisms. The challenging part is recovering vital data from the encrypted files. This has created severe security issues for companies of all sizes, as several have lost valuable data and proprietary business information. In light of the above, this research paper aims to examine the characteristics of a Microsoft Windows-based ransomware and the potential recovery of encrypted files from a system it has affected. The sample was examined in an isolated environment using static and dynamic analysis techniques with open source tools. The results were encouraging, as we were able to recover encrypted files with specific extensions.

Key-Words / Index Term

Vipasana Ransomware, Ransomware Forensics, Ransomware Analysis, Offline Ransomware, Static Analysis, Dynamic Analysis
