МЕТОДЫ ШИФРОВАНИЯ И УНИЧТОЖЕНИЯ ДАННЫХ ВО ВРЕДОНОСНОМ ПРОГРАММНОМ ОБЕСПЕЧЕНИИ: ОБЗОР И ТЕНДЕНЦИИ РАЗВИТИЯ

Денис Н. Макрушин, Анна В. Епишкина

Аннотация


В статье систематизированы и проанализированы криптографические методы и способы деструктивного воздействия на данные, применяемые вредоносным программным обеспечением для преобразования данных, выявлены тенденции их развития. Актуальность работы обусловлена ростом числа инцидентов, связанных с нарушением целостности и доступности данных, а также усложнением атак за счет комбинации методов шифрования данных и их эксфильтрации. В процессе исследования выполнен обзор источников за период с 2010 по 2025 гг. с применением подхода PRISMA и проведена классификация атак на основе модели, состоящей из объекта атаки, метода воздействия, способа реализации и результата воздействия. Введены метрики для количественной оценки распространенности методов частичного и прерывистого шифрования, гибридных схем управления ключами, деструктивных воздействий на метаданные и загрузочные структуры, а также комбинированных сценариев. Предложена классификация методов шифрования и повреждения данных, продемонстрированы тенденции перехода к более быстрым криптографическим алгоритмам и широкое внедрение прерывистого шифрования для повышения скрытности и скорости атак. Полученные результаты могут стать основой для формирования требований к методам выявления и архитектуре средств защиты от троянов-вымогателей (ransomware) и троянов-стирателей (wipers).

Ключевые слова


вредоносное программное обеспечение, целостность, шифрование, уничтожение данных, троян-вымогатель, троян-шифровальщик, троян-стиратель

Полный текст:

PDF

Литература


1. Oz H., Aris A., Levi A., Uluagac A. S. 2022. A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions. ACM Comput. Surv. 54, 11s, Article 238 (January 2022), 37 p. DOI: https://doi.org/10.1145/3514229.
2. Gómez Hernández, J. A., García Teodoro, P., Magán Carrión, R., Rodríguez Gómez, R. (2023). Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges. Electronics, 12(21), 4494. DOI: https://doi.org/10.3390/electronics12214494.
3. Razaulla S. et al. The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions. IEEE Access, v. 11, pp. 40698-40723, 2023. DOI: https://doi.org/10.1109/ACCESS.2023.3268535.
4. Sudheer, S. (2024). Ransomware Attacks and Their Evolving Strategies: A Systematic Review of Recent Incidents. Journal of Technology and Systems, 6(7), 32-59. DOI: https://doi.org/10.47941/jts.2399.
5. Basha C.B. et al. Understanding and Mitigating Ransomware Threats: Trends, Techniques, and Countermeasures in the Digital Age. 2023 International Conference for Technological Engineering and its Applications in Sustainable Development (ICTEASD), Al-Najaf, Iraq, 2023, pp. 383-387. DOI: https://doi.org/10.1109/icteasd57136.2023.10585140
6. Muniandy M., Yusof M. M., Haron H. Evolution and Impact of Ransomware: Patterns, Prevention, and Recommendations for Organizational Resilience. International Journal of Academic Research in Business & Social Sciences. 2024, v. 14, no. 1. DOI: https://doi.org/10.6007/ijarbss/v14-i1/19803.
7. Craciun, V.C., Mogage, A., Simion, E. (2019). Trends in Design of Ransomware Viruses. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, v. 11359. Springer, Cham. DOI: https://doi.org/10.1007/978-3-030-12942-2_20.
8. Genç, Z.A., Lenzini, G., Ryan, P.Y.A. (2018). Next Generation Cryptographic Ransomware. In: Gruschka, N. (eds) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science, v. 11252. Springer, Cham. DOI: https://doi.org/10.1007/978-3-030-03638-6_24
9. Zimba A., Wang Z., Mulenga M., Odongo N. H. Understanding the evolution of ransomware: paradigm shifts in attack structures. International Journal of Computer Network and Information Security. 2019, v. 11, no. 1, pp. 26-39. DOI: https://doi.org/10.5815/IJCNIS.2019.01.03.
10. Bajpai P., Sood A.K. and Enbody R. A key-management-based taxonomy for ransomware. 2018 APWG Symposium on Electronic Crime Research (eCrime), San Diego, CA, USA, 2018, pp. 1-12. DOI: https://doi.org/10.1109/ECRIME.2018.8376213.
11. Aboud M.A. and Mariyappn K. Investigation of Modern Ransomware Key Generation Methods: A Review. 2021 International Conference on Computer Communication and Informatics (ICCCI), Coimbatore, India, 2021, pp. 1-5. DOI: https://doi.org/10.1109/ICCCI50826.2021.9402680.
12. Ploszek R., Švec P., Debnár P. Analysis of encryption schemes in modern ransomware. Journal of Information and Organizational Sciences. 2021, v. 45, no. 1. DOI: https://doi.org/10.21857/MNLQGC58GY.
13. Cicala F. and Bertino E. Analysis of Encryption Key Generation in Modern Crypto Ransomware. IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 2, pp. 1239-1253, 1 March-April 2022. DOI: https://doi.org/10.1109/TDSC.2020.3005976.
14. Padhy R.P., Patra M.R., Satapathy S.C. CurveLock: Exploring Elliptic Curves Implementation in Modern Ransomware. Preprints. 2025. DOI: https://doi.org/10.21203/rs.3.rs-6072623/v1.
15. Alelyani S., Kumar H. Overview of cyberattack on Saudi organizations. Journal of Information Security and Cybercrimes Research. 2018, v. 1, no. 1, pp. 42-50. DOI: https://doi.org/10.26735/16587790.2018.004.
16. Park S., Lee M., Na S., Lim J. Destructive Malwares on MITRE ATT&CK Tactics for Cyber Warfare: A Brief Survey and Analysis. Proc. International Conference on Information Security and Cryptology. 2021. DOI: https://doi.org/10.1007/978-981-97-4465-7_19.
17. Adamov A. Russian Wipers: Cyberwar Against Ukraine. Technical Report. 2022. URL: https://www.virusbulletin.com/conference/vb2022/abstracts/russian-wipers-cyberwar-against-ukraine/ (accessed: 25.02.2026).
18. Vo, K. (2025). Among the World’s Most Powerful: Analyzing the Evolution of Iran’s Cyber Espionage, Disruption, and Information Operations Capabilities. Studies in Conflict & Terrorism, 1-16. DOI: https://doi.org/10.1080/1057610x.2025.2545790.
19. Rapin A. J. Death by a thousand bytes? Assessing the strategic effects of wiper attacks. Journal of Cybersecurity. 2023. DOI: https://doi.org/10.1080/23738871.2025.2584828.
20. Zhioua S. The Middle East under Malware Attack Dissecting Cyber Weapons. 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops, Philadelphia, PA, USA, 2013, pp. 11-16. DOI: https://doi.org/10.1109/ICDCSW.2013.30.
21. Jabid T., Raihan M.S., Hossain M.F. A brief history of ransomware. Book Chapter. 2024. DOI: https://doi.org/10.1201/9781003469506-2.
22. Ahmed Y. Ransomware evolution. Book Chapter. 2024. DOI: https://doi.org/10.1201/9781003469506.
23. Page M.J., McKenzie J.E., Bossuyt P.M., et al. The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. BMJ. 2021. Vol. 372. P. n71. DOI: https://doi.org/10.1136/bmj.n71.
24. Sultan H., Khalique A., Alam B., Javaid N. A survey on ransomware: evolution, growth, and impact. International Journal of Advanced Research in Computer Science. 2018, v. 9, no. 2. DOI: https://doi.org/10.26483/IJARCS.V9I2.5858.
25. Adamov A., Carlsson A. The state of ransomware. Trends and mitigation techniques. 2017 IEEE East-West Design & Test Symposium (EWDTS), Novi Sad, Serbia, 2017, pp. 1-8. DOI: https://doi.org/10.1109/EWDTS.2017.8110056.
26. Kao D.-Y., Hsiao S.-C., Tso R. Analyzing WannaCry Ransomware Considering the Weapons and Exploits. Proc. IEEE ICACT. 2019. DOI: https://doi.org/10.23919/ICACT.2019.8702049.
27. Akbanov M., Vassilakis V.G., Logothetis M.D. WannaCry Ransomware: Analysis of Infection, Persistence, Recovery Prevention and Propagation Mechanisms. Journal of Telecommunications and Information Technology. 2019, v. 1, pp. 113-124. DOI: https://doi.org/10.26636/JTIT.2019.130218.
28. Li Y. Security Analysis of Ransomware: A Deep Dive into WannaCry and Locky. Proc. IEEE CCWC. 2023. DOI: https://doi.org/10.1109/CCWC57344.2023.10099114.
29. Chen Q., Bridges R. A. Automated Behavioral Analysis of Malware: A Case Study of WannaCry Ransomware. arXiv:1709.08753 [cs.CR]. 2017. DOI: https://doi.org/10.48550/arXiv.1709.08753.
30. Mahboubi A., Moussavi K., Darki A. Data Encryption Battlefield: A Deep Dive into the Dynamic Confrontations in Ransomware Attacks. Preprints. 2025. DOI: https://doi.org/10.48550/arxiv.2504.20681.
31. Raj R. K., Shukla S., Kumar A. Modern Ransomware: Evolution, Methodology, Attack Model, Prevention and Mitigation using Multi-Tiered Approach. Preprints. 2024. DOI: https://doi.org/10.22541/au.170663691.11172367/v1.
32. K.P.D S and P. Kumar H R. A Systematic Study on Ransomware Attack: Types, Phases and Recent Variants. 2024 5th International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV), Tirunelveli, India, 2024, pp. 661-668. DOI: https://doi.org/10.1109/icicv62344.2024.00110.
33. Elkhail A.A. et al. Seamlessly Safeguarding Data Against Ransomware Attacks. IEEE Transactions on Dependable and Secure Computing, v. 20, no. 1, pp. 1-16, 1 Jan.-Feb. 2023. DOI: https://doi.org/10.1109/TDSC.2022.3214781.
34. Londemure D., Mbah C., Agyemang B., Rawat D. B. Automated Ransomware Detection Using Hierarchical Encryption Deviation Analysis. Preprints. 2024. DOI: https://doi.org/10.31219/osf.io/pevfs.
35. Whitrock J., Agyemang B., Rawat D. B. Novel Algorithmic Framework for Ransomware Detection via Contextual Flow Anomaly Mapping. Preprints. 2024. DOI: https://doi.org/10.31219/osf.io/bhnz8.
36. Vasconcelos G., Zarpelão B. B., Cansian A. M. LLaMa Assisted Reverse Engineering of Modern Ransomware: A Comparative Analysis with Early Crypto-Ransomware. Preprints. 2023. DOI: https://doi.org/10.21203/rs.3.rs-3689581/v1.
37. Shang J., Zhang L., Zheng Z. Beyond Algorithmic Proofs: Towards Implementation-Level Provable Security. arXiv:2508.01144 [cs.CR]. 2025. DOI: https://doi.org/10.48550/arxiv.2508.01144.
38. Indu R., Sharma A. Ransomware: A New Era of Digital Terrorism. International Journal of Engineering and Technology. 2018. DOI: https://doi.org/10.48550/arxiv.2504.20681.
39. Guerrero-Saade J. A. HermeticWiper—new destructive malware used in cyber attacks on Ukraine. Technical Report. 2022. URL: https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/ (accessed: 25.02.2026).
40. Hsiao S. -C. and Kao D. -Y. The static analysis of WannaCry ransomware. 2018 20th International Conference on Advanced Communication Technology (ICACT), Chuncheon, Korea (South), 2018, pp. 1-1. DOI: https://doi.org/10.23919/ICACT.2018.8323679.
41. Hsiao S.-C., Kao D.-Y. The static analysis of WannaCry ransomware. Technical Report. 2018. DOI: https://doi.org/10.23919/ICACT.2018.8323680.
42. Gastañaga J. C., Rios R., Lopez J. Clasificando ransomwares para el desarrollo de un detector de código malicioso en ejecución. Proc. RECSI. 2019. URL: http://sedici.unlp.edu.ar/handle/10915/77259 (accessed: 25.02.2026).
43. Nicho M., Fakhry H., Eghan C. Analyzing WhisperGate and BlackCat Malware: Methodology and Threat Perspective. International Journal of Advanced Computer Science and Applications. 2023, v. 14, no. 4. DOI: https://doi.org/10.14569/ijacsa.2023.0140456.
44. Lanza J., Sotelo Monge M. A., García Villalba L. J. Ransomware Analysis: Knowledge Extraction and Classification for Advanced Cyber Threat Intelligence. Preprints. 2024. DOI: https://doi.org/10.1201/9781003528999.
45. Malik N.A., et al. Behavior and Characteristics of Ransomware - A Survey. 2024 2nd International Conference on Cyber Resilience (ICCR), Dubai, United Arab Emirates, 2024, pp. 1-5. DOI: https://doi.org/10.1109/iccr61006.2024.10532983.
46. Yu J., Wang Y., Chen X. Research on File Recovery Method Against Ransomware Using Hybrid Pattern Cryptographic System. Computer Engineering and Applications. 2019. DOI: https://doi.org/10.3778/j.issn.1002-8331.1803-0277.
47. Alharbi A., Alhaidari F., Zohdy M. Empowering Network Security through Advanced Analysis of Malware Samples: Leveraging System Metrics and Network Log Data for Informed Decision-Making. International Journal of Networked and Distributed Computing. 2024. DOI: https://doi.org/10.1007/s44227-024-00032-1.
48. Janovsky A., Bartel A., Klein J., Traon Y. L. A Longitudinal Study of Cryptographic API: a Decade of Android Malware. Proc. ACM ASIA CCS. 2022. DOI: https://doi.org/10.48550/arXiv.2205.05573.
49. Ziya Alper Genç, Gabriele Lenzini, and Peter Y.A. Ryan. 2018. Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware. In Proceedings of the Central European Cybersecurity Conference 2018 (CECC 2018). Association for Computing Machinery, New York, NY, USA, Article 7, 1-6. DOI: https://doi.org/10.1145/3277570.3277577.
50. Alzahrani S., Xiao Y. and Sun W. An Analysis of Conti Ransomware Leaked Source Codes. IEEE Access, v. 10, pp. 100178-100193, 2022. DOI: https://doi.org/10.1109/access.2022.3207757.
51. Pakshad P. An In-Depth Analysis of a Cyber Attack: Case Study and Security Insights. Technical Report. 2020. DOI: https://doi.org/10.48550/arXiv.2409.19194.
52. Falcone R. Second Wave of Shamoon 2 Attacks Identified. Technical Report. 2016. URL: https://unit42.paloaltonetworks.com/unit42-second-wave-shamoon-2-attacks-identified/ (accessed: 25.02.2026).
53. Falcone R. Shamoon 3 Targets Oil and Gas Organization. Technical Report. 2018. URL: https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/ (accessed: 25.02.2026).
54. Smyrak-Sikora A. Modeling of Advanced Threat Actors: Characterization, Categorization and Detection. PhD Thesis. 2023. DOI: https://doi.org/10.4995/thesis/10251/193855.
55. Alrubaie T., Elmedany W., Ababneh N., Zeadally S. and Curran K. A Cybersecurity Architecture to Mitigate Shamoon Attacks. 2022 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT), Sakheer, Bahrain, 2022, pp. 266-277. DOI: https://doi.org/10.1109/3ICT56508.2022.9990865.
56. Gutmann P. Secure Deletion of Data from Magnetic and Solid-State Memory. Proc. USENIX Security Symposium. 1996. URL: https://www.usenix.org/conference/6th-usenix-security-symposium/secure-deletion-data-magnetic-and-solid-state-memory (accessed: 25.02.2026).
57. Weckstén M., Frick J., Sjöström A., Järpe E. A novel method for recovery from Crypto Ransomware infections. 2016 2nd IEEE International Conference on Computer and Communications (ICCC), Chengdu, China, 2016, pp. 1354-1358. DOI: https://doi.org/10.1109/COMPCOMM.2016.7924925.
58. Zimba A., Wang Z., Simukonda L. Towards Data Resilience: The Analytical Case of Crypto Ransomware Data Recovery Techniques // International Journal of Information Technology and Computer Science. 2018, v. 10, no. 1, pp. 40-51. DOI: https://doi.org/10.5815/IJITCS.2018.01.05.
59. Zimba A., Simukonda L., Chishimba M. A Ransomware Classification Framework Based on File-Deletion and File-Encryption Attack Structures. Journal of Computer and Communications. 2021. DOI: https://doi.org/10.48550/arXiv.2102.10632.
60. Yadav S. K. A Survey on Ransomware Malware and Ransomware Detection Techniques. International Journal for Research in Applied Science and Engineering Technology. 2022, v. 10, no. 1. DOI: https://doi.org/10.22214/ijraset.2022.39787.
61. Hou Y. T., Guo L., Zhou C., Zhang Q., Liu W. Preventing Disruption of System Backup against Ransomware Attacks. Proceedings of the ACM on Software Engineering. 2025, v. 2. DOI: https://doi.org/10.1145/3728880.
62. Kolodenker E., Koch W., Stringhini G., Egele M. PayBreak: Defense Against Cryptographic Ransomware. Proc. ACM CCS. 2017. DOI: https://doi.org/10.1145/3052973.3053035.
63. Alshaikh M., Naseer H., Ahmad A., Maynard S. B. Ransomware Prevention and Mitigation Techniques. International Journal of Computer Applications. 2020, v. 176, no. 20, pp. 1-9. DOI: https://doi.org/10.5120/IJCA2020919899.
64. Maniath S., Ashok A., Poornachandran P., Sujadevi V. G., Sankar A. U. P., Jan S. Survey on Prevention, Mitigation and Containment of Ransomware Attacks. Proc. SSCC. 2018. DOI: https://doi.org/10.1007/978-981-13-5826-5_3.
65. Olaimat M.N., Aizaini Maarof M. and Al-rimy B A.S. Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions. 2021 3rd International Cyber Resilience Conference (CRC), Langkawi Island, Malaysia, 2021, pp. 1-6. DOI: https://doi.org/10.1109/CRC50527.2021.9392529.
66. 66. Nadeem Shah, Mohammed Farik, Ransomware - Threats, Vulnerabilities And Recommendations. International Journal of Scientific & Technology Research. 2017, v. 6, Issue 06, pp. 309-313. 2017.
URL: https://www.ijstr.org/final-print/june2017/Ransomware-Threats-Vulnerabilities-And-Recommendations.pdf (accessed: 25.02.2026).
67. Monika, Zavarsky P., Lindskog D. Experimental analysis of ransomware on Windows and Android platforms: Evolution and characterization. Procedia Computer Science. 2016, v. 94, pp. 465-472. DOI: https://doi.org/10.1016/J.PROCS.2016.08.072.
68. Forensic Analysis of Ransomware Families Using Static and Dynamic Analysis. 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, 2018, pp. 180-185. DOI: https://doi.org/10.1109/SPW.2018.00033.
69. Souza L.C., Cogo V.V., Machado G.S., Granville L.Z. Um Estudo Acerca da Seleção de Features para a Detecção dos Ransomwares WannaCry, Ryuk e CryptoLocker. Proc. SEMISH. 2023. DOI: https://doi.org/10.5753/semish.2023.229616.




DOI: http://dx.doi.org/10.26583/bit.2026.3.08

Ссылки

  • На текущий момент ссылки отсутствуют.


Лицензия Creative Commons
Это произведение доступно по лицензии Creative Commons «Attribution» («Атрибуция») 4.0 Всемирная.