Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware as a Service (RaaS) Malwares
Sharmila S P

TL;DR
This paper presents a network forensic analysis method to identify and classify RaaS malware traffic, aiding early detection and mitigation through signature generation and AI-based threat intelligence enhancement.
Contribution
It introduces a novel network forensic approach for analyzing RaaS malware traffic, improving detection of obfuscated and polymorphic ransomware samples.
Findings
Over 40% of network packets were malicious.
The method successfully classified suspicious, malicious, and benign traffic.
Verification with the VirusTotal API confirmed the approach's effectiveness.
Abstract
In the current era of interconnected cyberspace, ransomware has an adverse effect on individuals, startups, and large companies. Cybercriminals hold digital assets hostage until the demanded payment is made. The success of ransomware surged with the introduction of the Ransomware as a Service (RaaS) franchise model in the darknet market. The obfuscated and polymorphic nature of this malware makes it harder for antivirus systems to identify. Signature-based intrusion detection is still in use but suffers from a scarcity of RaaS packet signatures. We have analysed RaaS samples using a network forensic approach, investigating packet captures of benign and malicious network traffic. The behaviour of the RaaS-family ransomware Ryuk and GandCrab has been investigated to classify packets as suspicious, malicious, and non-malicious, which further aids in generating RaaS packet signatures for…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Digital and Cyber Forensics
