Grant McDonald
Ransomware: Analysing the Impact on Windows Active Directory Domain Services
McDonald, Grant; Papadopoulos, Pavlos; Pitropakis, Nikolaos; Ahmad, Jawad; Buchanan, William J.
Authors
Dr Pavlos Papadopoulos P.Papadopoulos@napier.ac.uk
Lecturer
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor
Dr Jawad Ahmad J.Ahmad@napier.ac.uk
Visiting Lecturer
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Abstract
Ransomware has become an increasingly popular type of malware across the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat towards organisations, there is very little information outlining how ransomware affects Windows Server environments, and particularly its proprietary domain services such as Active Directory. Hence, we aim to increase the cyber situational awareness of organisations and corporations that utilise these environments. Dynamic analysis was performed using three ransomware variants to uncover how crypto-ransomware affects Windows Server-specific services and processes. Our work outlines the practical investigation undertaken as WannaCry, TeslaCrypt, and Jigsaw were acquired and tested against several domain services. The findings showed that none of the three variants stopped the processes and decidedly left all domain services untouched. However, although the services remained operational, they became uniquely dysfunctional as ransomware encrypted the files pertaining to those services.
Citation
McDonald, G., Papadopoulos, P., Pitropakis, N., Ahmad, J., & Buchanan, W. J. (2022). Ransomware: Analysing the Impact on Windows Active Directory Domain Services. Sensors, 22(3), Article 953. https://doi.org/10.3390/s22030953
Journal Article Type | Article |
---|---|
Acceptance Date | Jan 24, 2022 |
Online Publication Date | Jan 26, 2022 |
Publication Date | 2022-02 |
Deposit Date | Jan 28, 2022 |
Publicly Available Date | Jan 31, 2022 |
Journal | Sensors |
Publisher | MDPI |
Peer Reviewed | Peer Reviewed |
Volume | 22 |
Issue | 3 |
Article Number | 953 |
DOI | https://doi.org/10.3390/s22030953 |
Keywords | ransomware; WannaCry; TeslaCrypt; Jigsaw; Windows Server; Active Directory Services |
Public URL | http://researchrepository.napier.ac.uk/Output/2839078 |
Files
Ransomware: Analysing The Impact On Windows Active Directory Domain Services
(561 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/