LockBit Black Ransomware On Reverse Shell: Analysis of Infection
Authors: Eliando Eliando, Ary Budi Warsito
Journal: Cogito Smart Journal (Journal Article)
Published: 2023-12-29
DOI: 10.31154/cogito.v9i2.494.228-240 (https://doi.org/10.31154/cogito.v9i2.494.228-240)
Citations: 0
Abstract
This research was conducted because of the widespread occurrence of ransomware attacks, especially in Indonesia, against data at the endpoint, attacks that have even reached the banking sector, and to estimate the likelihood of future ransomware infections. LockBit 3 ransomware, also known as LockBit Black, has penetrated one of the banks in Indonesia, along with a reverse shell, an infection method that cannot be recognized by every protection, so that when combined they can penetrate all sides of protection. The method used to study the combination of ransomware and reverse shell is a hybrid analysis combining static and dynamic analysis, to see every capability that can be carried out by the LockBit Black ransomware and channeled through the reverse shell. From the results of this analysis, we can see the real impact of the attack and estimate future protection so that attacks by LockBit ransomware variants can be overcome.