A Guideline for Ransomware Detection and Prevention at the Buddhist Places : A case study of Maze Gang

Krishna Chimmanee
Maneesook Chotrungrat

Abstract

Due to the spread of COVID-19 throughout 2020, working from home has played an important part in organizations, businesses and agencies around the world. This has increased the various types of cyber threats posed by use of the internet, especially the threat of ransomware. A survey in 2020 showed that cyberattacks with this type of malware were found in Buddhist areas. Thus, this research aimed to study how to protect cyber assets against ransomware by reviewing relevant literature from foreign research articles as well as real case studies of cyberattacks by the Maze gang. In addition, this research studies the prevention and detection of ransomware from the research articles in order to introduce a guideline to prevent ransomware from happening in the future.


The study of the Maze gang's attack pattern shows that they generally employed the same attack techniques, such as trying to maintain their foothold and hiding in the network for a long time before taking sensitive information out of the target's network and encrypting the data files, and these can be used to create a preventative approach. If we have effective monitoring systems, the suspicious cyber threat will be detected and prevented from occurring. Therefore, this article presents a guideline for the prevention of Maze ransomware based on the concept of the National Institute of Standards and Technology of the United States Department of Commerce, which are: (1) Establishing cybersecurity measurement (2) Safeguarding information assets (3) Cyber threat detection capability (4) Threat response (5) Post-disaster data recovery after the cyber incident.

Article Details

How to Cite
Chimmanee, K., and M. Chotrungrat. “A Guideline for Ransomware Detection and Prevention at the Buddhist Places : A Case Study of Maze Gang”. Mahachula Academic Journal, vol. 8, no. 3, Dec. 2021, pp. 104-18, https://so04.tci-thaijo.org/index.php/JMA/article/view/250039.
Section
Research Articles
