
Ransomware: Analysing the Impact on Windows Active Directory Domain Services

02/07/2022
by   Grant McDonald, et al.
Edinburgh Napier University

Ransomware has become an increasingly popular type of malware over the past decade and continues to rise in popularity because of its high profitability. Organisations and enterprises have become prime targets because they are more likely to pay: a ransom is often treated as an operating expense that offsets the cost of downtime. Despite the prevalence of ransomware as a threat to organisations, there is very little information describing how ransomware affects Windows Server environments, and in particular proprietary domain services such as Active Directory. We therefore aim to improve the cyber situational awareness of organisations that operate these environments. Dynamic analysis of three ransomware variants was performed to establish how crypto-ransomware affects Windows Server-specific services and processes. This paper describes the practical investigation in which WannaCry, TeslaCrypt, and Jigsaw were acquired and run against several domain services. None of the three variants stopped the domain-service processes; every service was left running. However, although the services remained operational, they became dysfunctional in service-specific ways because the ransomware encrypted the files on which those services depend.
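The finding above has a direct operational consequence: a monitor that only checks whether NTDS, DNS or Netlogon is in the Running state will report a healthy domain controller whose services no longer work. The following PowerShell script is an added example, not code from the paper or its authors, showing the difference between a service-state check and a functional check on a domain controller, followed by a scan of SYSVOL for files carrying a ransomware extension. It assumes it is run with domain-admin rights on the DC under test, that the ActiveDirectory module is installed, and that the standard DC service names and the default SYSVOL path apply; the extension list is an assumption (.WNCRY is the suffix WannaCry appends and is included from general knowledge, not from the paper) and should be extended for the variants relevant to the reader.

```powershell
# Added example (not from the paper): service state vs. functional health on a DC.
Import-Module ActiveDirectory -ErrorAction Stop

# 1. Service-state check: what a naive monitor sees. Standard DC service names assumed.
$services = 'NTDS', 'Netlogon', 'DNS', 'Kdc', 'DFSR'
$stateReport = foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service = $name
        Status  = if ($svc) { $svc.Status } else { 'NotInstalled' }
    }
}
"`n== Service state =="
$stateReport | Format-Table -AutoSize

# 2. Functional probes: each exercises the data a running service actually needs.
$dnsDomain = $env:USERDNSDOMAIN
$probes = @(
    @{ Name = 'LDAP: Get-ADDomain'
       Test = { Get-ADDomain -ErrorAction Stop | Out-Null; $true } },
    @{ Name = 'DNS: _ldap._tcp SRV lookup'
       Test = { (Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$dnsDomain" -Type SRV -ErrorAction Stop).Count -gt 0 } },
    @{ Name = 'SYSVOL: Policies share readable'
       Test = { Test-Path "\\$env:COMPUTERNAME\SYSVOL\$dnsDomain\Policies" } },
    @{ Name = 'Netlogon: DC locator (nltest)'
       Test = { nltest /dsgetdc:$dnsDomain 2>&1 | Out-Null; $LASTEXITCODE -eq 0 } }
)
"`n== Functional probes =="
foreach ($p in $probes) {
    $ok = try { [bool](& $p.Test) } catch { $false }
    '{0,-34} {1}' -f $p.Name, $(if ($ok) { 'OK' } else { 'FAIL' })
}

# 3. Evidence scan: SYSVOL files renamed with a known ransomware suffix.
#    Assumption: extension list; '.WNCRY' is WannaCry's suffix (general knowledge).
$suspectExtensions = @('.WNCRY')
$sysvolPolicies = Join-Path $env:SystemRoot 'SYSVOL\domain\Policies'   # default path assumed
"`n== Suspect files under $sysvolPolicies =="
Get-ChildItem -Path $sysvolPolicies -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $suspectExtensions -contains $_.Extension } |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize
```

A DC in the state the paper describes shows Running for every row in the first table while one or more probes in the second section fail, which is the signal a service-state monitor alone cannot produce. The extension scan is a weak heuristic: it catches only variants that rename files, so the functional probes, not the scan, should drive alerting.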

