An Investigation on Wannacry Ransomware and its Detection

Abstract

The technological advancement has been accompanied with many issues to the information: security, privacy, and integrity. Malware is one of the security issues that threaten computer system. Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. This paper investigates the intrusion of WannaCry ransomware and the possible detection of the ransomware using static and dynamic analysis. From the analysis, the features of the malware were extracted and detection has been done using those features. The intrusion detection technique used here in this study is Yara-rule based detection which involves an attempt to define a set of rules which comprises of unique strings which is decoded from the wannacry file.