Forensics of Ryuk Ransomware Attacks on Cloud Networks


Ridho Surya Kusuma

Abstract

Technological advancements have made data a valuable asset; protecting and securing it against threats such as damage, natural disasters, loss, and cybercrime is therefore important. In recent years, ransomware attacks have become a real threat: the malware encrypts important data and then demands a financial ransom from the victim by threatening to publish, delete, or withhold access to it. This study conducts a network forensic investigation using the live forensics method on network traffic to find traces of the perpetrators. The method requires precision and accuracy because traffic timing is measured per millisecond; the Wireshark tool is used for data packet analysis. The stages are preservation, collection, examination, and research. The investigation results include the time of the attack, the IP address, MAC address, port, protocol, and the phishing website URL addresses contacted by the infected computers. Based on the data obtained, this research meets its expected goals.
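As an added illustration of the indicator set described above (not the paper's own tooling), the following Python reconstructs attack time, IP and MAC address, port, protocol, and phishing URL from a Wireshark/tshark field export of a live capture; the sample rows, addresses and URL are constructed placeholders, and the export command shown in the comment is an assumption about how such rows would be produced.

```python
"""Constructed example (not the paper's own tooling): rebuild the indicator
set the study reports (attack time, IP, MAC, port, protocol, phishing URL)
from a tshark field export of a live-capture pcap."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Assumed export command; the -e names are real tshark field names:
#   tshark -r capture.pcap -T fields -E separator=/t -e frame.time_epoch \
#     -e eth.src -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport \
#     -e _ws.col.Protocol -e http.host -e http.request.uri
# Constructed sample output; addresses and the URL are placeholders.
SAMPLE_TSV = """\
1611136800.120\taa:bb:cc:00:00:01\t192.0.2.10\t192.0.2.1\t\t53\tDNS\t\t
1611136801.004\taa:bb:cc:00:00:01\t192.0.2.10\t203.0.113.7\t80\t\tHTTP\tphish.example\t/login/doc.php
1611136802.330\taa:bb:cc:00:00:01\t192.0.2.10\t203.0.113.7\t443\t\tTLSv1.2\t\t
1611136803.900\taa:bb:cc:00:00:02\t192.0.2.11\t192.0.2.10\t445\t\tSMB2\t\t
"""

@dataclass
class Indicator:
    time: datetime        # frame.time_epoch converted to a UTC datetime
    mac: str              # source MAC of the sending host
    src: str              # source IP
    dst: str              # destination IP
    port: Optional[int]   # destination port (TCP or UDP, whichever is set)
    proto: str            # Wireshark protocol column
    url: Optional[str]    # http://host/uri when an HTTP request was seen

def parse_tshark_fields(tsv: str) -> list:
    """Turn tshark -T fields lines into Indicator records; skips malformed rows."""
    out = []
    for line in tsv.splitlines():
        cols = line.split("\t")
        if len(cols) != 9 or not cols[0]:
            continue
        ts, mac, src, dst, tcp_p, udp_p, proto, host, uri = cols
        port = int(tcp_p or udp_p) if (tcp_p or udp_p) else None
        url = f"http://{host}{uri}" if host else None
        out.append(Indicator(datetime.fromtimestamp(float(ts), tz=timezone.utc),
                             mac, src, dst, port, proto, url))
    return out

def phishing_contacts(inds: list, infected_ip: str) -> list:
    """HTTP requests made by the infected host, in capture order: the URL trace."""
    return [i for i in inds if i.src == infected_ip and i.url]

def first_activity(inds: list, infected_ip: str) -> Optional[Indicator]:
    """Earliest frame sent by the infected host: the study's 'time of attack'."""
    own = [i for i in inds if i.src == infected_ip]
    return min(own, key=lambda i: i.time) if own else None
```

Feeding a real export into `parse_tshark_fields` and filtering with `phishing_contacts` gives the per-host URL trace; `first_activity` anchors the timeline, which is the millisecond-level ordering the abstract stresses.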


Author Biography

Ridho Surya Kusuma, Universitas Siber Muhammadiyah


How to Cite
Kusuma, R. S. (2023). Forensik Serangan Ransomware Ryuk pada Jaringan Cloud. MULTINETICS , 9(2), 99–107. https://doi.org/10.32722/multinetics.v9i2.5234
