Abstract:
Ransomware is a notorious form of malware known for causing severe and permanent damage to its targets. Prompt identification of such attacks is crucial to mitigate the devastating consequences they can inflict. According to some reports, the number of ransomware attacks has grown significantly since 2016, with a marked increase in attacks targeting businesses and the military. It is widely considered a major cyber threat at both the individual and the organizational level. Organizations can implement and maintain comprehensive ransomware mitigation strategies, such as backups, network segmentation, HR education, endpoint protection, and advanced threat hunting. It is worth noting that not all of these techniques are foolproof. Ransomware has been used in the context of the Russia-Ukraine war, primarily by Russian-backed cybercriminal groups. Russian groups have been found to target Ukrainian infrastructure and businesses with ransomware attacks, encrypting the data on their systems and demanding payment in exchange for the decryption key. These attacks have caused significant disruptions and financial losses for the targeted organizations, as their aim was destruction rather than data breach. In this paper, we analyze the ransomware used in the Russia-Ukraine war and summarize the most prominent malware involved in the war. We have chosen one of these malware families, "Hermetic Ransom", performed a thorough analysis of it, and created a YARA rule for its detection, prevention, and response.
Keywords: Ransomware, Malware Detection, Advanced Cyberattacks, File Wipers, Static Analysis of Malware, Cyberwarfare, Cyberattacks