Secondary abstract: |
Ransomware is composite complex malware, exploiting the shortcomings and inconsistencies of computer operating systems. Among them, the ransomware WannaCry took the lead in 2017 with its mass and global impact. It took advantages of the shortcomings of older and security system-outdated Windows operating systems. As we present in the introduction, the attacks were most massive in heterogeneous and security-poor information environments. During the attacks, a huge number of computers were infected, whose operating systems and files were encrypted by ransomware with a special combination of public and private malicious encryption keys. To unblock and restore normal use of infected computers, malicious actors demanded a ransom in Bitcoin cryptocurrency. Due to numerous attacks with the WannaCry ransomware code, which also took place in Slovenia, we decided on an in-depth static and dynamic analysis of its operation.
In the theoretical background, we therefore investigated the types of malware and identified the genome of ransomware. In the following, we examined the life cycle of its operation according to the stages of the attack and, in the case of infection, the potential spread processes. In the following, we examined the life cycle, modes of operation and harmful changes, caused by the ransomware WannaCry in the infected environment with regard to the stages of the attack and, in the case of infection potential spreading processes. As part of the dynamic analysis we performed testing (in)vulnerability of various Windows operating systems with triggers, code WannaCry runs, namely in an isolated laboratory test environment. |