Development and forensic study of a ransomware for Android 8.1 devices

  1. Alfonso Torralba Martiñán 1
  2. Cristina López Bravo
  3. José Luis Rivas López
  1. 1 Universidade da Coruña, La Coruña, Spain (ROR: https://ror.org/01qckj285)

Book:
VI Congreso XoveTIC: impulsando el talento científico
  1. Manuel Lagos Rodríguez (ed.)
  2. Álvaro Leitao Rodríguez (ed.)
  3. Tirso Varela Rodeiro (ed.)
  4. Javier Pereira Loureiro (coord.)
  5. Manuel Francisco González Penedo (coord.)

Publisher: Servizo de Publicacións; Universidade da Coruña

Year of publication: 2023

Conference: XoveTIC (6. 2023. A Coruña)

Type: Conference contribution

Abstract

The world of technology is under constant attack. The reasons range from economic to political and, as a result, there is a need for global awareness of the risks involved. Alongside this, there is also a need for continuous training of cybersecurity professionals. Among the attacks that cause the most damage to society, especially in the economic sphere, ransomware leads the ranking. This fact defined the first objective of the Master’s thesis presented in this article: the design of a mobile ransomware for devices running the Android 8.1 operating system. The aim was to investigate how ransomware-type viruses work at a low level, as well as other related aspects. The second objective arose from the first: to carry out computer forensic studies targeting the previously designed virus. The resulting reports are intended for educational purposes, serving as a procedural guide for university professors or professionals in the sector who are interested in virus forensics. Both objectives were successfully achieved. A ransomware virus was developed, hidden behind what appears to be an image gallery application. It encrypts certain images on the victim device and sends the encryption key to its own remote server. In addition, two forensic reports were produced in accordance with the appropriate standards. In these reports, each step of the virus analysis was explained in detail. A range of alternative tools that the analyst can use during the analysis was also included.