Title:Static and dynamic analysis of WannaCry ransomware : bachelor's thesis of the higher education study programme Information Security
Authors:Nabergoj, Ambrož (Author)
Vrhovec, Simon (Mentor)
Files:VS_Nabergoj_Ambroz_2021.pdf (902,07 KB)
MD5: 773464C68320E72BB54839E862B95837
PID: 20.500.12556/dkum/b9f0b8f4-36eb-491c-97fd-92798ec80e39
 
Language:Slovenian
Work type:Bachelor thesis/paper
Typology:2.11 - Undergraduate Thesis
Organization:FVV - Faculty of Criminal Justice and Security
Abstract:Ransomware is composite, complex malware that exploits the shortcomings and inconsistencies of computer operating systems. Among them, the WannaCry ransomware stood out in 2017 for its scale and global impact. It exploited a shortcoming of older Windows operating systems that had not received security updates. As we present in the introduction, the attacks were most widespread in heterogeneous information environments with poorly defined security. During the attacks, a huge number of computers were infected, and the ransomware encrypted their operating systems and files with a special combination of malicious public and private encryption keys. To unblock the infected computers and restore their normal use, the malicious actors demanded a ransom in the Bitcoin cryptocurrency. Because of the numerous attacks with the WannaCry ransomware code, which also occurred in Slovenia, we decided on an in-depth static and dynamic analysis of its operation. In the theoretical background, we therefore investigated the types of malware and identified the genome of ransomware. We then examined the life cycle of its operation with regard to the stages of the attack and, in the case of infection, the potential spreading procedures. As part of the dynamic analysis, we tested the (in)vulnerability of various Windows operating systems by triggering and running the WannaCry ransomware code in an isolated laboratory test environment.
Keywords:bachelor's theses, information security, software, operating systems, WannaCry
Place of publishing:Ljubljana
Place of performance:Ljubljana
Publisher:[A. Nabergoj]
Year of publishing:2021
Year of performance:2021
Number of pages:VI, 33 pp.
PID:20.500.12556/DKUM-79371
UDC:004.056(043.2)
COBISS.SI-ID:73009411
Publication date in DKUM:13.08.2021
Views:1473
Downloads:140
Categories:FVV

Licences

License:CC BY-NC-ND 4.0, Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Link:http://creativecommons.org/licenses/by-nc-nd/4.0/
Description:The most restrictive Creative Commons license. This only allows people to download and share the work for no commercial gain and for no other purposes.
Licensing start date:18.06.2021

Secondary language

Language:English
Title:Static and dynamic analysis of WannaCry ransomware
Abstract:Ransomware is composite, complex malware that exploits the shortcomings and inconsistencies of computer operating systems. Among them, the ransomware WannaCry took the lead in 2017 with its mass and global impact. It took advantage of the shortcomings of older Windows operating systems that were out of date with respect to security updates. As we present in the introduction, the attacks were most massive in heterogeneous and security-poor information environments. During the attacks, a huge number of computers were infected, whose operating systems and files were encrypted by the ransomware with a special combination of public and private malicious encryption keys. To unblock and restore normal use of infected computers, malicious actors demanded a ransom in Bitcoin cryptocurrency. Due to numerous attacks with the WannaCry ransomware code, which also took place in Slovenia, we decided on an in-depth static and dynamic analysis of its operation. In the theoretical background, we therefore investigated the types of malware and identified the genome of ransomware. In the following, we examined the life cycle of its operation according to the stages of the attack and, in the case of infection, the potential spread processes. In the following, we examined the life cycle, modes of operation and harmful changes caused by the ransomware WannaCry in the infected environment with regard to the stages of the attack and, in the case of infection, potential spreading processes. As part of the dynamic analysis, we tested the (in)vulnerability of various Windows operating systems by triggering and running the WannaCry code in an isolated laboratory test environment.
Keywords:Information security, software, operating systems, WannaCry

