{"title":"Analyzing WannaCry Ransomware Considering the Weapons and Exploits","authors":"Da-Yu Kao, Shou-Ching Hsiao, R. Tso","doi":"10.23919/ICACT.2019.8702049","DOIUrl":null,"url":null,"abstract":"As ransomware has increased in popularity, its creators are using our fears to their advantage. The rapid proliferation of ransomware attacks indicates the growing tendency of ransomware-as-a-service (RaaS) and the integration of hacking weapons. This paper presents the analysis of the infamous WannaCry ransomware, which is one of the most propagated and damaging malware in 2017. The anatomy of ransomware attacks is discussed to understand the multi-phased execution of WannaCry, including the deployment, installation, destruction, and command-and-control. The chain of WannaCry’s execution comprises several hacking weapon components. WannaCry not only embeds the binary in the resource section for multi-phased execution, but also implements a strong encrypting algorithm and a key structure. A reverse engineering analysis of each component, along with the network analysis of WannaCry’s exploits offers an insight into the inner design of WannaCry. The observations of this research contribute to recent security systems and future defense strategies.","PeriodicalId":226261,"journal":{"name":"2019 21st International Conference on Advanced Communication Technology (ICACT)","volume":"134 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 21st International Conference on Advanced Communication Technology (ICACT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICACT.2019.8702049","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 22
Abstract
As ransomware has increased in popularity, its creators are using our fears to their advantage. The rapid proliferation of ransomware attacks indicates the growing tendency of ransomware-as-a-service (RaaS) and the integration of hacking weapons. This paper presents the analysis of the infamous WannaCry ransomware, which is one of the most propagated and damaging malware in 2017. The anatomy of ransomware attacks is discussed to understand the multi-phased execution of WannaCry, including the deployment, installation, destruction, and command-and-control. The chain of WannaCry’s execution comprises several hacking weapon components. WannaCry not only embeds the binary in the resource section for multi-phased execution, but also implements a strong encrypting algorithm and a key structure. A reverse engineering analysis of each component, along with the network analysis of WannaCry’s exploits offers an insight into the inner design of WannaCry. The observations of this research contribute to recent security systems and future defense strategies.