http://dx.doi.org/10.3837/tiis.2019.06.027

Recent Advances in Cryptovirology: State-of-the-Art Crypto Mining and Crypto Ransomware Attacks  

Zimba, Aaron (Department of Computer Science and Technology, University of Science and Technology Beijing)
Wang, Zhaoshun (Department of Computer Science and Technology, University of Science and Technology Beijing)
Chen, Hongsong (Department of Computer Science and Technology, University of Science and Technology Beijing)
Mulenga, Mwenge (Department of Computer Science and Information Technology, Mulungushi University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.6, 2019, pp. 3258-3279
Abstract
Recently, ransomware has earned itself an infamous reputation as a force to reckon with in the cybercrime landscape. However, cybercriminals are adopting other unconventional means to seamlessly attain proceeds of cybercrime with little effort. Cybercriminals are now acquiring cryptocurrencies directly from benign Internet users without the need to extort a ransom from them, as is the case with ransomware. This paper investigates advances in the cryptovirology landscape by examining the state-of-the-art cryptoviral attacks. In our approach, we perform a digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties, respectively. We examine three cryptoviral attack structures: browser-based crypto mining, memory-resident crypto mining and cryptoviral extortion. These attack structures leave a trail of digital forensics evidence when the malware interacts with the file system, and they generate noise in the form of network traffic when communicating with the C2 servers and crypto mining pools. The digital forensics evidence, which essentially consists of IOCs, includes network artifacts such as C2 server domains, IPs and cryptographic hash values of the downloaded files, apart from the malware hash values. Such evidence can be used to seed intrusion detection systems for mitigation purposes.
Keywords
Cryptovirology; cryptoviral attack; crypto-mining; crypto ransomware; cybercrime; cryptocurrency