Reviewed article

Observing, Measuring and Collecting HDD Performance Metrics on a Physical Machine During Ransomware Attack

How to cite:
Dimo Dimov, Yuliyan Tsonev, "Observing, Measuring and Collecting HDD Performance Metrics on a Physical Machine During Ransomware Attack," Information & Security: An International Journal 47, no. 3 (2020): 317-327. https://doi.org/10.11610/isij.4723

Source:

Information & Security: An International Journal, Volume 47, Issue 3, p. 317-327 (2020)

Abstract:

Ransomware is a type of malicious activity that aims to prevent users from accessing their data by encrypting it. Analysing the behaviour of crypto viruses requires objectively collected data. Getting metrics from a virtual machine would resemble the original behaviour of the ransomware on a physical device. Observing, measuring, collecting and extracting data on a physical device during and after encryption is challenging, since all the data would be corrupted once the encryption process is complete. By utilizing two user profiles, members of the local admin group, and custom access control lists on certain resources, a lab laptop is infected with five different samples of ransomware crypto viruses that do not require a connection to the command and control server in order to function as intended. A of HDD metrics is successfully collected and extracted.
