LockBit Black Ransomware On Reverse Shell: Analysis of Infection
DOI:
https://doi.org/10.31154/cogito.v9i2.494.228-240
Keywords:
Ransomware, LockBit Black, Reverse, Shell, Infection
Abstract
This research was conducted because of the widespread occurrence of ransomware attacks, especially in Indonesia, against data held at endpoints, attacks that have even reached the banking sector, and to estimate the likelihood of future ransomware infections. LockBit 3 ransomware, also known as LockBit Black, has penetrated one of the banks in Indonesia. A reverse shell is an infection method that cannot be recognized by every protection, so when the two are combined they can penetrate all sides of protection. The method used to study the combination of ransomware and reverse shell is hybrid analysis, a combination of static and dynamic analysis, to see every capability that the LockBit Black ransomware can carry out when channeled through the reverse shell. From the results of this analysis, we can see the real impact of the attack and estimate future protection, so that attacks by LockBit ransomware variants can be overcome.
Copyright (c) 2023 CogITo Smart Journal

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).