Salko Korac
Ransomware: Analysis and Evaluation of Live Forensic Techniques and the Impact on Linux Based IoT Systems
Korac, Salko; Maglaras, Leandros; Moradpoor, Naghmeh; Kioskli, Kitty; Buchanan, William; Canberk, Berk
Authors
Leandros Maglaras
Dr Naghmeh Moradpoor N.Moradpoor@napier.ac.uk
Associate Professor
Kitty Kioskli
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Prof Berk Canberk B.Canberk@napier.ac.uk
Professor
Abstract
Ransomware has been predominantly a threat to Windows systems. But, Linux systems became interesting for cybercriminals and this trend is expected to continue. This endangers IoT ecosystems, whereas many IoT systems are based on Linux (e.g. cloud infrastructure and gateways). This paper researches how currently employed forensic techniques can be applied to Linux ransomware and evaluates the maturity as well as the impact on the system. While Windows-based ransomware predominantly uses RSA and AES for key management, a variety of approaches was identified for Linux. Cybercriminals appear to be deliberately moving away from RSA and AES to make Live forensic investigations more difficult. Linux ransomware is developed for a predefined goal and does not exploit the full potential of damage. It appears in an early stage and is expected to reach a similar potential to Windows-based malware. The results generated provided an excellent basic understanding to discuss and assess implications on the IoT industry at an early stage of development.
Citation
Korac, S., Maglaras, L., Moradpoor, N., Kioskli, K., Buchanan, W., & Canberk, B. (2025, June). Ransomware: Analysis and Evaluation of Live Forensic Techniques and the Impact on Linux Based IoT Systems. Presented at IEEE DCOSS-IoT 2025, Tuscany (Lucca), Italy
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | IEEE DCOSS-IoT 2025 |
Start Date | Jun 9, 2025 |
End Date | Jun 11, 2025 |
Acceptance Date | Apr 25, 2025 |
Deposit Date | Apr 28, 2025 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Keywords | Ransomware, Linux, Malware |
Public URL | http://researchrepository.napier.ac.uk/Output/4246733 |
External URL | https://dcoss.org/ |
This file is under embargo due to copyright reasons.
Contact repository@napier.ac.uk to request a copy for personal use.