A era dos Crypto Ransomwares: um estudo de caso sobre o WannaCry
Abstract
In a context of growing dependency on computational systems and the Internet, the institutions have been investing more and more resources to ensure the Information Security. Despite the countless efforts, incidents are still growing in frequency and severity, showing that more efficient incident response processes are needed. One of the threats in clear growth is the Crypto Ransomwares. This paper develops a case study of WannaCry – a peculiar ransomware that spread panic in early 2017 – with the goal of identifying opportunities for improvement in the incident response systems and processes.References
Ab Rahman, N. H. and Choo, K.-K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49:45–69.
AYRAPETOV, D. (2017). Practical defense for cyber attacks and lessons from 2017 sonicwall annual threat report. 29 ago. de 2017.
CERT.br (2017). Estatísticas dos incidentes reportados ao cert.br - 2017. 16 ago. de 2017.
Cobb, S. (2017). Rot: Ransomware of things. 29 ago. de 2017.
Economist.com (2017). Ransomware attacks were on the rise, even before the latest episode. 29 ago. de 2017.
Formby, D., Durbha, S., and Beyah, R. (2017). Out of control: Ransomware for industrial control systems. 29 ago. de 2017.
Franceschi-Bicchierai, L. (2016). Hackers make the first-ever ransomware for smart thermostats. 29 ago. de 2017.
Gibbs, S. (2016). Ransomware attack on San Francisco public transit gives everyone a free ride. 12 fev. de 2017.
Grispos, G. (2016). On the enhancement of data quality in security incident response investigations. PhD thesis, University of Glasgow.
Healey, J. (2016). Winning and losing in cyberspace. In International Conference on Cyber Conflict (CyCon), pages 37–49. IEEE. 08 fev. de 2017.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., and Kirda, E. (2015). Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks, volume 9148, pages 3–24. Springer International Publishing, Milan.
O Globo (2015). Investimento em segurança da informação cresce mais no país - 2015. 08 fev. de 2017.
Reuters (2017). Analysis: Wannacry attack shows trend toward ’economic’ cyber threats, rising regulatory risk. 28 ago. de 2017.
Smith, M. (2016). Kansas Heart Hospital hit with ransomware; attackers demand two ransoms. 12 fev. de 2017.
Symantec (2017). Ransom.wannacry technical details. 31 ago. de 2017.
Trend Micro (2016). Trend micro’s definition of ransomware. 12 fev. de 2017.
VERIS (2017). Vocabulary for event recording and incident sharing. 27 mar. de 2017.
Winton, R. (2016). Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating. 12 fev. de 2017.
Yin, R. K. (2015). Estudo de Caso: Planejamento e Métodos. Bookman editora.
AYRAPETOV, D. (2017). Practical defense for cyber attacks and lessons from 2017 sonicwall annual threat report. 29 ago. de 2017.
CERT.br (2017). Estatísticas dos incidentes reportados ao cert.br - 2017. 16 ago. de 2017.
Cobb, S. (2017). Rot: Ransomware of things. 29 ago. de 2017.
Economist.com (2017). Ransomware attacks were on the rise, even before the latest episode. 29 ago. de 2017.
Formby, D., Durbha, S., and Beyah, R. (2017). Out of control: Ransomware for industrial control systems. 29 ago. de 2017.
Franceschi-Bicchierai, L. (2016). Hackers make the first-ever ransomware for smart thermostats. 29 ago. de 2017.
Gibbs, S. (2016). Ransomware attack on San Francisco public transit gives everyone a free ride. 12 fev. de 2017.
Grispos, G. (2016). On the enhancement of data quality in security incident response investigations. PhD thesis, University of Glasgow.
Healey, J. (2016). Winning and losing in cyberspace. In International Conference on Cyber Conflict (CyCon), pages 37–49. IEEE. 08 fev. de 2017.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., and Kirda, E. (2015). Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks, volume 9148, pages 3–24. Springer International Publishing, Milan.
O Globo (2015). Investimento em segurança da informação cresce mais no país - 2015. 08 fev. de 2017.
Reuters (2017). Analysis: Wannacry attack shows trend toward ’economic’ cyber threats, rising regulatory risk. 28 ago. de 2017.
Smith, M. (2016). Kansas Heart Hospital hit with ransomware; attackers demand two ransoms. 12 fev. de 2017.
Symantec (2017). Ransom.wannacry technical details. 31 ago. de 2017.
Trend Micro (2016). Trend micro’s definition of ransomware. 12 fev. de 2017.
VERIS (2017). Vocabulary for event recording and incident sharing. 27 mar. de 2017.
Winton, R. (2016). Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating. 12 fev. de 2017.
Yin, R. K. (2015). Estudo de Caso: Planejamento e Métodos. Bookman editora.
Published
2017-11-06
How to Cite
MOREIRA, Guilherme Baesso; CALEGARIO, Vanusa Menditi; DUARTE, Julio Cesar; SANTOS, Anderson F. Pereira dos.
A era dos Crypto Ransomwares: um estudo de caso sobre o WannaCry. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 17. , 2017, Brasília.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2017
.
p. 509-516.
DOI: https://doi.org/10.5753/sbseg.2017.19525.
