Characteristics ransomware stop/djvu remk and erqw variants with static-dinamic analysis

Abstract

Ransomware has developed into various new variants every year. One type of ransomware is STOP/DJVU, containing more than 240+ variants. This research to determine changes in differences characteristics and impact between ransomware variants STOP/DJVU remk, which is a variant from 2020, and the erqw variant from 2023, through a mixed-method research approach. Observation, simulation using mixing static and dynamic malware analysis methods. Both variants are from the Malware Bazaar site. The total characteristics based on dynamic analysis, the remk variant has 177, and the erqw variant has 190, which increased by 1.8%. The total characteristics based on static analysis, the remk variants have 586, and the erqw variants have 736, which increased by 5.7%. All characteristics from remk to erqw increasing in dynamic analysis, except the number of payloads that decreased about 20%. In static analysis, all characteristics from remk to erqw increase except the number of sections decreased about 1.5%. It can be the affected CPU performance, because the remk variant affects performance by increasing CPU work by 3.74%, while the erqw variant affects performance by reducing CPU work by 1.18%, both compared with normal CPU. which will affect the ransomware's destructive work and require changes in its handling.