ANALYSIS OF RANSOMWARE ATTACKS ON WEB SERVERS, LINUX AND WINDOWS

Ingrid Chilán González, Francisco Bolaños Burgos, Navira Angulo Murillo, Gabriel Rodolfo García Murillo

Abstract

This work carries out a literature review of ransomware attacks on web servers running the Linux and Windows operating systems. To that end, a comparative vulnerability analysis was performed of the JBoss and Apache servers and of the Redis data store. The results show that attacks are most frequently directed at hospitals, where the cybercriminals typically demand between $200 and $500 to restore the files; in the case of the SamSam ransomware for Windows, the attacker enters the organization's network via SSH and authenticates to the JBoss server. The study concludes with an analysis matrix of ransomware attacks by several families (CTB-Locker, SamSam, CryptoWall 4.0, Linux.Encoder and FairWare) and a list of early-warning tools against ransomware attacks, given that these families encrypt the directories of web sites; this in turn makes it possible to propose future work on new types of ransomware by means of simulation tools.

KEYWORDS: Ransomware; Web Server; Linux; Windows.



