• Title/Summary/Keyword: Ransomeware


A Tor Security Policy using Exit Relay Methodology (출구 릴레이 방법론을 이용한 Tor 보안 정책)

  • Jang, Duk-Sung;Park, So-Yeon;Choi, Du-Young
    • Journal of Korea Multimedia Society / v.20 no.6 / pp.911-917 / 2017
  • This paper studies the Tor proxy tool, which is most frequently used by ransomware to penetrate sensitive information. It examines the malicious methods used to spread viruses through Tor and considers countermeasures to prevent them. We present an exit relay methodology for Tor security policy, simulate it, and obtain a probability of detecting the ransomware. We also compare it with TSS technology, which is able to protect against the attack via a virtual server on the exit relay.

Ransomware Prevention and Steganography Security Enhancement Technology Using Format Preserving Encryption (형태보존암호화를 이용한 랜섬웨어 방지 및 스테가노그래피 보안강화기술)

  • Lim, Ji-hwan;Na, Gwan-Woo;Woo, Jae-Min;Seo, Hwa-joeng
    • Journal of the Korea Institute of Information and Communication Engineering / v.22 no.5 / pp.805-811 / 2018
  • Recently, Format-Preserving Encryption (FEA) was proposed by the National Security Research Institute (NSR) as an encryption method that maintains the format of the information being encrypted without distortion. In this paper, we propose a scheme to solve conventional cyber security problems using FEA. First, we present a method to encrypt signatures and extensions with FEA in order to effectively defend against Ransomware attacks. This technique can mitigate exposure to Ransomware by encrypting the minimum information. Second, in order to reduce the secret information for steganography, we introduce a new way to minimize the secret information with FEA. Finally, we compare the encryption speed of FEA with that of the Lightweight Encryption Algorithm (LEA), and we further compare the performance improvement obtained when FEA is optimized.

A study of restricting read/write permission of the selective file from file encryption ransomware (파일의 읽기/쓰기 권한 제한을 통한 암호화 랜섬웨어로부터 선택적 파일보호 연구)

  • Kim, Jae-hong;Na, Jung-chan
    • Proceedings of the Korea Information Processing Society Conference / 2017.04a / pp.234-237 / 2017
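  • With the advent of the information society, activities that process, handle and distribute information have become dominant, and the value of information has become linked to the creation of economic value. In step with this, as the ICT (Information & Communication Technology) industry has developed, information is stored and managed in the form of digital data. For this reason, malicious activity targeting digital information has become a problem in the digital world. Among these, the damage from ransomware, a malicious program that is installed illegally on a computer without the user's consent and holds the user's digital files (information) hostage to demand money, is increasing day by day [1]. In this paper, we present a method by which users can selectively protect files from file-encryption-based ransomware, among the various kinds of ransomware, by restricting read/write permission through hooking of operating system calls.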

Problem Analysis to Secure Stability of Bitcoin (비트코인에 대한 안정성 확보를 위한 문제점 분석)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management / v.13 no.3 / pp.1-9 / 2017
  • Recently, Bitcoin, a digital currency and cryptocurrency, has been getting worldwide attention because, unlike other existing cyber currencies, it has the ability to replace legal tender. In particular, most Bitcoin trading is done directly between two traders in a P2P manner, does not require a third party to ensure reliability, and records every transaction detail, so it is more transparent than traditional financial trading, and the number of users is increasing. However, Bitcoin, which has been recognized for transparency, confidentiality and stability among traders, has recently been threatened by illegal transactions such as money laundering and by attacks on exchanges. These threats to Bitcoin are becoming social problems. At first, it seems that most digital currencies are difficult to hack because of Blockchain technology. However, threats such as digital money leaks through user account hacking and the paralyzing of servers are increasing. This paper examines the features of Bitcoin and the threatening elements, in order to secure the marketability of digital currencies such as Bitcoin and to attract more domestic public interest. It examines the problems of Blockchain technology with respect to speculative transactions and fraudulent behavior by analyzing the problems of Bitcoin transactions. Lastly, it proposes ways to make digital currency transactions transparent and secure.

FAIR-Based BIA for Ransomware Attacks in Financial Industry (금융 산업에서 발생하는 랜섬웨어 공격에 대한 FAIR 기반의 손실 측정 모델 분석)

  • Yoon, Hyun-sik;Song, Kyung-hwan;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.4 / pp.873-883 / 2017
  • As Ransomware spreads, the target of attacks has shifted from individuals to organizations, which has led attackers to become more intelligent and systematic. Thus, Ransomware's threats to domestic infrastructure, including the financial industry, have grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, an information protection management system. However, it is difficult for management to make decisions on the loss caused by security issues, since the amount of damage cannot be calculated with ISMS alone. In this paper, using a scenario-based FAIR loss measurement model to identify the extent of damage and calculate reasonable damages, which has been considered a problem of the ISMS, we identified the losses and risks of Ransomware in the financial industry and a method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.

Ransomware attack analysis and countermeasures of defensive aspects (랜섬웨어 공격분석 및 방어적 측면의 대응방안)

  • Hong, Sunghyuck;Yu, Jin-a
    • Journal of Convergence for Information Technology / v.8 no.1 / pp.139-145 / 2018
  • Ransomware is a kind of malware. Computers infected with Ransomware have limited system access. It is a malicious program that requires money to be paid to the malicious code maker in order to release the restriction. Since the largest Ransomware attack ever, on May 12, 2017, concerns about the Internet security environment have been growing. The types of Ransomware and countermeasures to prevent cyber terrorism are discussed. Ransomware, which has a strong infectious nature and has been constantly attacked in recent years, is typically in the form of Locky, Petya, Cerber, Samam, and Jigsaw. As of now, Ransomware defense is not 100% free. However, Ransomware can be countered through automatic updates, installation of vaccines, and periodic backups. There is a need to find a multi-layered approach to minimize the risk of reaching the network and the system. Learn how to prevent Ransomware from corporate and individual users.

Methodology for Intercepting the Ransomware Attacks Using File I/O Intervals (파일 I/O Interval을 이용한 랜섬웨어 공격 차단 방법론)

  • Youn, Jung-moo;Jo, Je-geong;Ryu, Jae-cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.3 / pp.645-653 / 2016
  • Ransomware was first created in 1999, but its existence became widely known in Korea by 2015. As information and communication technology has developed and the storage capacity of computers has grown, it is accordingly becoming more important to manage this information effectively, rather than the information itself. In this situation, ransomware breaks into other people's computers and encrypts files without the user's permission, which adversely affects the user. In this paper, we monitor the access of a specific process to files. On the basis of this monitoring information, we detect whether abnormal access has occurred. Based on the detection result, we block the file access permission of the specific process. Using this method, we propose a technique for blocking ransomware's abnormal access to and encryption of files.

Social Engineering Evaluation of Electronic Financial Fraud: Analysis of Actual Victims through FGI (전자금융사기의 사회공학적 진화: FGI를 통한 실제 피해자 분석)

  • Park, Jong-Pil;Ryu, Jae Kwan
    • Journal of Digital Convergence / v.16 no.7 / pp.9-17 / 2018
  • Recently, attention to electronic financial fraud has increased dramatically. In particular, electronic financial fraud has been transforming into social engineering. Despite the growing interest in electronic financial fraud, few guidelines exist on how to effectively avoid serious damage from it. Moreover, cases of victims of financial fraud have rarely been investigated. Therefore, the purpose of this study is to investigate why victims of financial fraud crime occur. To enhance mundane realism, we conducted a Focus Group Interview (FGI) with actual victims of financial fraud crime. From the analysis of the FGI with actual victims, we found that there are certain damage patterns. Further, we found that the reason victims of financial fraud crime occur is the optimistic bias of humans, rooted in behavioral economics. Therefore, this study provides valuable guidelines and directions to prevent electronic financial fraud from a risk and crisis management perspective. Ultimately, this study can help in the establishment and implementation of a comprehensive electronic financial fraud prevention policy.

How to Cope with Ransomware in the Healthcare Industry (의료산업에서의 랜섬웨어 대응 방법)

  • Jeon, In-seok;Kim, Dong-won;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.155-165 / 2018
  • As the medical healthcare industry is growing rapidly these days, the provision of various new healthcare services is being carefully considered. Health information is considered to be more important than financial information; therefore, protecting health information becomes a very significant task. Ransomware is now targeting industry groups that have high information value. In particular, ransomware has grown in various ways since entering maturity in 2017. The healthcare industry is highly vulnerable to ransomware since most healthcare organizations are configured in closed networks with a lack of malware protection. Merely meeting the security criteria is not the solution. In the case of a successful attack, a restoration process must be prepared to minimize damage as soon as possible. Ransomware is growing so rapidly and becoming so complex that protection must be improved much faster. Based on the ISO 27799 and 27002 standards, we extract and present security measures against advanced ransomware to maintain and manage healthcare systems more effectively.

A Study on the Ransomware Detection System Based on User Requirements Analysis for Data Restoration (데이터 복원이 가능한 사용자 요구사항 분석기반 랜섬웨어 탐지 시스템에 관한 연구)

  • Ko, Yong-Sun;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.4 / pp.50-55 / 2019
  • Recently, Ransomware attacks have been continuously increasing, and new Ransomware that is difficult to detect with just a basic vaccine continues its upward trend. Various solutions for Ransomware have been developed and applied. However, due to the disadvantages and limitations of existing solutions, the damage caused by Ransomware has not been reduced. Ransomware attacks all kinds of platforms, such as Windows, Linux, servers, IoT devices, and block chains. However, most existing solutions for Ransomware are difficult to apply to various platforms, and they are limited in that they depend on only some specific platforms while operating. This study analyzes the problems of existing Ransomware detection solutions and proposes an onboard-module-based Ransomware detection system; the system defines the functions of the necessary elements by analyzing requirements that can actually reduce the damage caused by Ransomware from the viewpoint of users, supports various OSs without pre-installation, and is able to restore data even after infection. We checked the feasibility of each function of the proposed system through an analysis of existing technology and verified the suitability of the proposed techniques for meeting users' requirements through a questionnaire survey of a total of 264 personal and corporate PC users. As a result of the statistical analysis of the questionnaire results, it was found that the score of intent to introduce the system was 6.3 or more, which appeared to be good, and the score of intent to change from the existing solution to the proposed system was 6.0, which appeared to be very high.