Abstract
Ransomware attacks pose a serious risk to the security of both personal and business systems. Using evasion techniques, payload distribution, and infection methods, these attacks infiltrate systems and encrypt valuable files, then demand money in exchange for the decryption key. Current ransomware analysis tools can provide general information about malicious binaries, but they are limited in providing specific information about the behaviour of a specific ransomware sample, making it difficult to protect end-user machines from unknown attacks, particularly the most recent ransomware variants. This project intends to investigate the most recent ransomware attacks and study their characteristics using static analysis. A methodology for the static analysis of ransomware characteristics is proposed, utilising a secure lab environment, VMware Workstation with the Windows operating system for host and guest, and various static analysis tools such as PeStudio, CFF Explorer, HxD, and HashMyFiles to extract and analyse the functionalities of ransomware samples. The technology can detect unknown ransomware variants by recognising the variant's distinctive characteristics. Real-world ransomware samples were used to validate the methodology. This research provides significant information for security experts and researchers in the realm of cybersecurity and can aid in the protection of systems against ransomware attacks.
Metadata
Item Type: | Book Section |
---|---|
Creators: | Mohd Mokhtaruddeen, Maryam Adreena (Email / ID Num.: UNSPECIFIED); Mohd Fuzi, Mohd Faris (Email / ID Num.: UNSPECIFIED) |
Subjects: | Q Science > QA Mathematics > Analysis > Analytical methods used in the solution of physical problems > System analysis. State-space methods |
Divisions: | Universiti Teknologi MARA, Perlis > Arau Campus > Faculty of Computer and Mathematical Sciences |
Page Range: | pp. 189-190 |
Keywords: | ransomware, static analysis, characteristics |
Date: | 2023 |
URI: | https://ir.uitm.edu.my/id/eprint/100400 |