Ransomware is an emerging cyber threat with the clear intention of making money in the form of a ransom. This time it is not a single virus or rootkit but a whole family of malware targeting unsuspecting users for financial gain. The main motive behind such attacks is to directly or indirectly drain money from the victims. Ransomware is one of the most prevalent malware classes today and also one of the most advanced. More than 60% of ransomware gets into the system through drive-by downloads, and the format of the drive-by download has changed drastically in the last few years: what was once disorganised has evolved into a sophisticated channel for distributing ransomware. We are now in an era where drive-by downloads are mostly controlled by Exploit Kits (EKs); depending on the vulnerabilities present on the victim's machine, the control panel of the Exploit Kit selects which malware to deliver. In this paper, we have analysed the droppers and the Cerber and CryptXXX ransomware distributed by Rig EK during 2016-17. We have also intercepted and dissected around 10 different variants of Rig EK communication and reverse engineered its working methodology. Finally, we propose a framework that detects the malicious communication using Software Defined Networking and prevents the user's data from being encrypted using a Certificate Authority Checker (CAC).

©2006-2017 Asian Research Publishing Network (ARPN). All rights reserved.
P. Raunak and P. Krishnan, "Network detection of ransomware delivered by exploit kit", ARPN Journal of Engineering and Applied Sciences, vol. 12, pp. 3885-3889, 2017.