Dr Owen Lo O.Lo@napier.ac.uk
Senior Research Fellow
Dr Gordon Russell G.Russell@napier.ac.uk
Associate Professor
Dr Peter McLaren P.McLaren2@napier.ac.uk
Associate
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Ransomware is a form of malicious software that blocks user access to data by encrypting files. The user is then required to pay the attacker a sum of money to receive the encryption artefacts and start recovering the data. MEMCRYPT has developed new techniques for detecting live malware activity and identifying the cryptographic keys, along with the related artefacts used during the attack. This allows for the detection of suspect encryption processes and for intervention before ransomware can affect a system. MEMCRYPT finds the artefacts in system memory, and within the first steps of a user's file being encrypted, these artefacts are available for the user to decrypt the data.
These methods for dealing with ransomware can also be applied more generally to detecting active malware and preventing the exfiltration of confidential data. This proof of concept aims to build an incident response triage system for ransomware that builds evidence around a ransomware attack, using encrypted data samples to build up a picture of the encryption methods used. It can be used as a rapidly created sandbox area for real-time analysis, or within law enforcement investigations, where a large-scale system can be scanned for cryptographic evidence, with a fast matching system for extracting the key features required for investigations.
Project Acronym | CyberASAP2 |
---|---|
Status | Project Complete |
Funder(s) | Innovate UK |
Value | £52,310.00 |
Project Dates | Sep 23, 2020 - Feb 28, 2021 |
Project Quaisten Jun 1, 2014 - Aug 1, 2015
To develop a question generator API to pull information from the web, based on defined question types, confirming correct answers and implementing a process of question difficulty based on metrics about the individual question type and possible answ...
e-FRAIL - Early detection of FRAilty and Illness Oct 1, 2015 - Dec 31, 2016
Scottish Frailty Framework with Mobile Device Capture and Big Data Integration. The proposed innovation will develop and extend the current work into Frailty, with the long term focus on encompassing not only clinical factors, but economic, environme...
Fragment Finder Mar 27, 2015 - Jan 18, 2016
Fragment Finder (FF) enables a new, high-speed approach to digital forensics. It is unique in that it will build a more efficient technical architecture for the creation, storage and use of hash signatures in digital forensics. The key focus of FF is...
Kulio Education Characters - online platform Mar 15, 2015 - Oct 31, 2015
Kulio Ltd and Edinburgh Napier University are planning to collaborate to create a new innovative application consisting of Kulio education characters. Children throughout local authorities are already familiar with these characters through the intera...
Onyu_Secure Apr 1, 2015 - Jul 31, 2015
The project undertaken by Onyu and ENU will concentrate around the mobile application that is under development by the team at Onyu.
Working with ENU our key objectives are:
1. Validation of our zero-knowledge encryption solution
2. Creation of...