A Review and Analysis of Ransomware Using Memory Forensics and Its Tools

Abstract

Cybercrime reached its peak in 2017, a year marked by extraordinary attacks including multi-million dollar theft. New malware and ransomware, with exponential growth of 64%, have made their impact on the cyber world and left victims with no choice except to pay the ransom. On average, 2 lakh samples of new malware were captured per day in the last year, and it is estimated that cybercrime will cost over $2 trillion by the end of 2019, according to Juniper Research. To combat and identify the attacks, digital forensics plays a crucial role in cyber investigations. In particular, memory forensics helps by uncovering large amounts of hidden information. In memory forensics, crucial facts are stored, retrieved, and presented as robust proof that can be accepted even in the courtroom. This paper conducts an intensive survey of the importance of memory forensics and its tools. In addition, a practical implementation is carried out on memory dumps collected from a computer affected by WannaCry ransomware. In-depth analysis is carried out by tracing injected dynamic link libraries (DLLs), process hollowing, and reverse engineering. The findings and the open challenges are also presented.

Paul Joseph, D., & Norman, J. (2020). A Review and Analysis of Ransomware Using Memory Forensics and Its Tools. In Smart Innovation, Systems and Technologies (Vol. 159, pp. 505–514). Springer. https://doi.org/10.1007/978-981-13-9282-5_48
