Ransomware encrypted your files but you restored them from network traffic
| dc.contributor.author | Berrueta Irigoyen, Eduardo | |
| dc.contributor.author | Morató Osés, Daniel | |
| dc.contributor.author | Magaña Lizarrondo, Eduardo | |
| dc.contributor.author | Izal Azcárate, Mikel | |
| dc.contributor.department | Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren | eu |
| dc.contributor.department | Institute of Smart Cities - ISC | en |
| dc.contributor.department | Ingeniería Eléctrica, Electrónica y de Comunicación | es_ES |
| dc.date.accessioned | 2020-01-08T12:16:16Z | |
| dc.date.available | 2020-01-08T12:16:16Z | |
| dc.date.issued | 2019 | |
| dc.description.abstract | In a scenario where user files are stored in a network shared volume, a single computer infected by ransomware could encrypt the whole set of shared files, with a large impact on user productivity. On the other hand, medium and large companies maintain hardware or software probes that monitor the traffic in critical network links, in order to evaluate service performance, detect security breaches, account for network or service usage, etc. In this paper we suggest using the monitoring capabilities in one of these tools in order to keep a trace of the traffic between the users and the file server. Once the ransomware is detected, the lost files can be recovered from the traffic trace. This includes any user modifications posterior to the last snapshot of periodic backups. The paper explains the problems faced by the monitoring tool, which is neither the client nor the server of the file sharing operations. It also describes the data structures in order to process the actions of users that could be simultaneously working on the same file. A proof of concept software implementation was capable of successfully recovering the files encrypted by 18 different ransomware families. | en |
| dc.description.sponsorship | This work was supported by Spanish MINECO through project PIT (TEC2015-69417-C2-2-R). | en |
| dc.format.extent | 7 p. | |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | E. Berrueta, D. Morato, E. Magaña and M. Izal, 'Ransomware Encrypted Your Files but You Restored Them from Network Traffic,' 2018 2nd Cyber Security in Networking Conference (CSNet), Paris, 2018, pp. 1-7. doi: 10.1109/CSNET.2018.8602978 | en |
| dc.identifier.doi | 10.1109/CSNET.2018.8602978 | |
| dc.identifier.isbn | 978-1-5386-7045-3 | |
| dc.identifier.uri | https://academica-e.unavarra.es/handle/2454/36012 | |
| dc.language.iso | eng | en |
| dc.publisher | IEEE | en |
| dc.relation.ispartof | 2018 2nd Cyber Security In Networking Conference, CSnet 2018. Paris, oct. 24-26, 2018 | en |
| dc.relation.projectID | info:eu-repo/grantAgreement/MINECO//TEC2015-69417-C2-2-R/ES/ | |
| dc.relation.publisherversion | https://doi.org/10.1109/CSNET.2018.8602978 | |
| dc.rights | ©2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other work. | en |
| dc.rights.accessRights | info:eu-repo/semantics/openAccess | |
| dc.subject | Ransomware | en |
| dc.subject | Servers | en |
| dc.subject | Probes | en |
| dc.subject | Tools | en |
| dc.subject | Cryptography | en |
| dc.subject | Monitoring | en |
| dc.title | Ransomware encrypted your files but you restored them from network traffic | en |
| dc.type | info:eu-repo/semantics/conferenceObject | |
| dc.type.version | info:eu-repo/semantics/acceptedVersion | |
| dspace.entity.type | Publication | |
| relation.isAuthorOfPublication | 66d6a070-df96-4f8b-ba63-cb0a93f576ce | |
| relation.isAuthorOfPublication | cd454059-725e-480a-b896-894e79f307a5 | |
| relation.isAuthorOfPublication | c521bf55-a1e7-47b2-ac98-5fbf8c286f7a | |
| relation.isAuthorOfPublication | f829a159-0938-45d1-a352-d28fb297ed0b | |
| relation.isAuthorOfPublication.latestForDiscovery | 66d6a070-df96-4f8b-ba63-cb0a93f576ce |