RANSOMWARE ATTACKS ON WINDOWS SERVERS: INFECTION AND RECOVERY

Rosen Hristev, Magdalena Veselinova, Kristiyan Kolev

Abstract


Cyberattacks are a part of our reality, and lately more and more organizations think about what could happen if they are attacked by a cryptovirus. At the same time, ransomware attacks are constantly evolving, and cybercriminals are looking for ways to expand the scope of their attacks and increase their profit. The ransomware-as-a-service (RaaS) model has become popular because it allows cybercriminals to attack more victims with less effort. Sodinokibi is a perfect example of RaaS and it is the 4th most widespread ransomware in the world, targeting mostly American and European companies. This is the reason why Windows Server environments are affected by this type of attack. This paper summarizes trends that characterize the ransomware landscape in 2022. It describes the infection of a virtual machine running Windows Server 2019 with Sodinokibi. The virtual machine has an installed .NET Framework web application that uses a Microsoft SQL Server database. The application's database and executable files are synchronized with an external cloud server. After infection, an approach for successfully recovering the application's executable files and database is proposed.

This work is licensed under a Creative Commons Attribution 3.0 License.

IJDEA, Academic Publications, Ltd.