1. Digital forensic of Maze ransomware: A case of electricity distributor enterprise in ASEAN.
- Author
-
Chimmanee, Krishna and Jantavongso, Suttisak
- Subjects
- *
DIGITAL forensics , *RANSOMWARE , *COVID-19 pandemic , *MAZE tests , *ENERGY industries , *MAZE puzzles - Abstract
• The 2S attack matrix on the actual time sequence with the two loopings. • The precise forensics' timeline on the real case attack. • The in-depth technical details of the attacks within the energy sector. • The insight into the attacker's behaviors for network admins. • The protection begins with a clear understanding of the ransomware attack pattern. Due to the Coronavirus pandemic (COVID-19) throughout 2020–22, remote working has played an important part in organizations, businesses, and agencies worldwide. This situation makes the various cybersecurity threats the Internet poses, especially ransomware. Ransomware will remain the top cybersecurity threat, and the energy sector is the prime target. Previously, research papers only focused on the analytical and protection frameworks. These papers rarely provide real evidence and detailed digital forensics. Interestingly, the ransomware gangs developed new methods but still used similar attack patterns. The authors envisage that a precise understanding of the ransomware attack characteristics is a starting point for the correct detection process. This paper presents a true case study demonstrating the actual occurrence of digital forensics and in-depth technical details of the attacks within the energy sector. The significant attack patterns, which have never been emphasized in research papers, can be proposed for the two loops. The results led to a novel ransomware attack matrix with two loop patterns (dwell time factor) applicable to other ransomware gangs for the detection stage of the NIST. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF