LockBit Black Ransomware On Reverse Shell: Analysis of Infection

DOI:

https://doi.org/10.31154/cogito.v9i2.494.228-240

Keywords:

Ransomware, LockBit Black, Reverse, Shell, Infection

Abstract

This research was conducted because of the widespread occurrence of ransomware attacks, especially in Indonesia, against data at the endpoint, attacks that have even reached the banking sector, and to estimate the likelihood of future ransomware infections. LockBit 3 ransomware, also known as LockBit Black, is ransomware that has penetrated one of the banks in Indonesia, and a reverse shell is an infection method that cannot be recognized by every protection, so that when the two are combined they can penetrate all sides of protection. The method used to study the combination of ransomware and reverse shell is hybrid analysis, a combination of static and dynamic analysis, to see every capability that the LockBit Black ransomware can carry out when channeled through the reverse shell. From the results of this analysis, we can see the real impact of the attack and estimate future protection so that attacks by LockBit ransomware variants can be overcome.

Author Biography

Eliando Eliando, Matana University

Information System Department

Published

2023-12-29

How to Cite

Eliando, E., & Warsito, A. B. (2023). LockBit Black Ransomware On Reverse Shell: Analysis of Infection. CogITo Smart Journal, 9(2), 228–240. https://doi.org/10.31154/cogito.v9i2.494.228-240