diploma thesis of the higher education professional study programme Information Security
Ambrož Nabergoj (Author), Simon Vrhovec (Mentor)

Abstract

Ransomware is composite, complex malware that exploits the shortcomings and inconsistencies of computer operating systems. Among such malware, the WannaCry ransomware stood out in 2017 for its scale and global impact. It exploited a weakness in older Windows operating systems that lacked security updates. As we present in the introduction, the attacks were most widespread in heterogeneous information environments with poorly defined security. During the attacks, a huge number of computers were infected, and the ransomware encrypted their operating systems and files with a special combination of malicious public and private encryption keys. To unblock the infected computers and restore their normal use, the malicious actors demanded a ransom in the Bitcoin cryptocurrency. Because of the numerous attacks with the WannaCry ransomware code, which also occurred in Slovenia, we decided to carry out an in-depth static and dynamic analysis of its operation. In the theoretical background we therefore examined the types of malware and identified the genome of ransomware. We then studied the life cycle of its operation with regard to the phases of the attack and, in the case of infection, the potential spreading procedures. As part of the dynamic analysis, we carried out tests of the (in)vulnerability of various Windows operating systems by triggering and running the WannaCry ransomware code in an isolated laboratory test environment.

Keywords

undergraduate theses; information security; software; operating systems; WannaCry

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [A. Nabergoj]
UDC: 004.056(043.2)
COBISS: 73009411

Other data

Secondary language: English
Secondary title: Static and dynamic analysis of wannacry ransomware
Secondary abstract: Ransomware is composite complex malware, exploiting the shortcomings and inconsistencies of computer operating systems. Among them, the ransomware WannaCry took the lead in 2017 with its mass and global impact. It took advantage of the shortcomings of older and security system-outdated Windows operating systems. As we present in the introduction, the attacks were most massive in heterogeneous and security-poor information environments. During the attacks, a huge number of computers were infected, whose operating systems and files were encrypted by ransomware with a special combination of public and private malicious encryption keys. To unblock and restore normal use of infected computers, malicious actors demanded a ransom in Bitcoin cryptocurrency. Due to numerous attacks with the WannaCry ransomware code, which also took place in Slovenia, we decided on an in-depth static and dynamic analysis of its operation. In the theoretical background, we therefore investigated the types of malware and identified the genome of ransomware. In the following, we examined the life cycle of its operation according to the stages of the attack and, in the case of infection, the potential spread processes. In the following, we examined the life cycle, modes of operation and harmful changes, caused by the ransomware WannaCry in the infected environment with regard to the stages of the attack and, in the case of infection potential spreading processes. As part of the dynamic analysis we performed testing (in)vulnerability of various Windows operating systems with triggers, code WannaCry runs, namely in an isolated laboratory test environment.
Secondary keywords: Information security;software;operating systems;Wannacry;
Type (COBISS): Bachelor thesis/paper
Thesis comment: University of Maribor, Faculty of Criminal Justice, Ljubljana
Pages: VI, 33 pp.
ID: 13236981