A Comparative Analysis of VirLock and Bacteriophage ϕ6 through the Lens of Game Theory

A Comparative Analysis of VirLock and Bacteriophage ϕ6 through the Lens of Game Theory Dimitris Kostadimas Department of Informatics, Ionian University, 7 Tsirigoti Square, 49100 Corfu, Greece http://orcid.org/0000-0001-6356-1946 Kalliopi Kastampolidou Department of Informatics, Ionian University, 7 Tsirigoti Square, 49100 Corfu, Greece http://orcid.org/0000-0003-3607-9569 Theodore Andronikos Department of Informatics, Ionian University, 7 Tsirigoti Square, 49100 Corfu, Greece http://orcid.org/0000-0002-3741-1271

The novelty of this paper lies in its perspective, which underscores the fruitful correlation between biological and computer viruses. In the realm of computer science, the study of theoretical concepts often intersects with practical applications. Computer viruses have many common traits with their biological counterparts. Studying their correlation may enhance our perspective and, ultimately, augment our ability to successfully protect our computer systems and data against viruses. Game theory may be an appropriate tool for establishing the link between biological and computer viruses. In this work, we establish correlations between a well-known computer virus, VirLock, with an equally well-studied biological virus, the bacteriophage ϕ6. VirLock is a formidable ransomware that encrypts user files and demands a ransom for data restoration. Drawing a parallel with the biological virus bacteriophage ϕ6, we uncover conceptual links like shared attributes and behaviors, as well as useful insights. Following this line of thought, we suggest efficient strategies based on a game theory perspective, which have the potential to address the infections caused by VirLock, and other viruses with analogous behavior. Moreover, we propose mathematical formulations that integrate real-world variables, providing a means to gauge virus severity and design robust defensive strategies and analytics. This interdisciplinary inquiry, fusing game theory, biology, and computer science, advances our understanding of virus behavior, paving the way for the development of effective countermeasures while presenting an alternative viewpoint. Throughout this theoretical exploration, we contribute to the ongoing discourse on computer virus behavior and stimulate new avenues for addressing digital threats. In particular, the formulas and framework developed in this work can facilitate better risk analysis and assessment, and become useful tools in penetration testing analysis, helping companies and organizations enhance their security.
11 06 2023 853 876 analytics2040045 https://creativecommons.org/licenses/by/4.0/ 10.3390/analytics2040045 https://www.mdpi.com/2813-2203/2/4/45 https://www.mdpi.com/2813-2203/2/4/45/pdf Cohen Computer viruses: Theory and experiments Comput. Secur. 1987 10.1016/0167-4048(87)90122-2 6 22 Kaspersky (2023, October 31). What’s the Difference between a Virus and a Worm?. Available online: https://www.kaspersky.com/resource-center/threats/computer-viruses-vs-worms. Uniserve IT Solutions (2023, October 31). What Are the Different Types of Computer Viruses?. Available online: https://uniserveit.com/blog/what-are-the-different-types-of-computer-viruses. Norton (2023, October 31). What is a Computer Worm, and how Does It Work?. Available online: https://us.norton.com/blog/malware/what-is-a-computer-worm. Taylor, K. (2023, October 31). What Is A Worm Virus?, VIPRE. Available online: https://vipre.com/resources/articles/what-is-a-worm-virus/. Latto, N. (2023, October 31). Worm vs. Virus: What’s the Difference and Does It Matter?, Avast. Available online: https://www.avast.com/c-worm-vs-virus. Forster Phylogenetic network analysis of SARS-CoV-2 genomes Proc. Natl. Acad. Sci. USA 2020 10.1073/pnas.2004999117 117 9241 Stojanov Phylogenicity of B. 1.1. 7 surface glycoprotein, novel distance function and first report of V90T missense mutation in SARS-CoV-2 surface glycoprotein Meta Gene 2021 10.1016/j.mgene.2021.100967 30 100967 Stent, G.S. (1963). Molecular biology of bacterial viruses. Mol. Biol. Bact. Viruses, 143. Boase A plague of viruses: Biological, computer and marketing Curr. Sociol. 2001 10.1177/0011392101496006 49 39 Kurth The viruses in all of us: Characteristics and biological significance of human endogenous retrovirus sequences Proc. Natl. Acad. Sci. USA 1996 10.1073/pnas.93.11.5177 93 5177 Stewart The population biology of bacterial viruses: Why be temperate Theor. Popul. Biol. 1984 10.1016/0040-5809(84)90026-1 26 93 Mettenleiter, T.C., and Sobrino, F. (2008). Animal Viruses: Molecular Biology, Caister Academic Press. 10.1080/13102818.2023.2206492 Stojanov, D. (2023). Structural implications of SARS-CoV-2 Surface Glycoprotein N501Y mutation within receptor-binding domain [499-505]–computational analysis of the most frequent Asn501 polar uncharged amino acid mutations. Biotechnol. Biotechnol. Equip., 37. Salazar Genetic identity, biological phenotype, and evolutionary pathways of transmitted/founder viruses in acute and early HIV-1 infection J. Exp. Med. 2009 10.1084/jem.20090378 206 1273 Wagner, E., and Hewlett, M. (2004). Basic Virology, Blackwell Science. 10.3389/fcimb.2012.00119 Koonin, E.V., and Wolf, Y.I. (2012). Evolution of microbes and viruses: A paradigm shift in evolutionary biology?. Front. Cell. Infect. Microbiol., 2. Feschotte Endogenous viruses: Insights into viral evolution and impact on host biology Nat. Rev. Genet. 2012 10.1038/nrg3199 13 283 Hayes, W. (1964). The Genetics of Bacteria and Their Viruses: Studies in Basic Genetics and Molecular Biology, Blackwell Scientific. Baggesen Phage typing of Salmonella Typhimurium—Is it still a useful tool for surveillance and outbreak investigation? Eurosurveillance 2010 10.2807/ese.15.04.19471-en 15 19471 Wasik On the biological success of viruses Annu. Rev. Microbiol. 2013 10.1146/annurev-micro-090110-102833 67 519 Blaas Viral entry pathways: The example of common cold viruses Wien. Med. Wochenschr. 2016 10.1007/s10354-016-0461-2 166 211 Birtles Exploring the pH dependence of the SARS-CoV-2 complete fusion domain and the role of its unique structural features Protein Sci. 2022 10.1002/pro.4390 31 e4390 Rogers, K. (2010). Bacteria and Viruses, Britannica Educational Publishing. Onodera Construction of a transducing virus from double-stranded RNA bacteriophage phi6: Establishment of carrier states in host cells J. Virol. 1992 10.1128/jvi.66.1.190-196.1992 66 190 Douglas Viruses: Making friends with old foes Science 2006 10.1126/science.1123223 312 873 Falk Biology and molecular biology of viruses in the genus Tenuivirus Annu. Rev. Phytopathol. 1998 10.1146/annurev.phyto.36.1.139 36 139 Bouvier The biology of influenza viruses Vaccine 2008 10.1016/j.vaccine.2008.07.039 26 D49 Weibull, J.W. (1997). Evolutionary Game Theory, MIT Press. Kastampolidou, K., and Andronikos, T. (2021). GeNeDis 2020, Springer International Publishing. Kastampolidou, K., and Andronikos, T. (2020). Advances in Experimental Medicine and Biology, Springer International Publishing. Kastampolidou, K., Nikiforos, M.N., and Andronikos, T. (2020). Advances in Experimental Medicine and Biology, Springer International Publishing. Archetti Cooperation among cancer cells: Applying game theory to cancer Nat. Rev. Cancer 2019 10.1038/s41568-018-0083-7 19 110 10.1109/IISA.2019.8900768 Theocharopoulou, G., Giannakis, K., Papalitsas, C., Fanarioti, S., and Andronikos, T. (2019, January 15–17). Elements of Game Theory in a Bio-inspired Model of Computation. Proceedings of the 2019 10th International Conference on Information, Intelligence, Systems and Applications (IISA), Patras, Greece. Giannakis Dominant Strategies of Quantum Games on Quantum Periodic Automata Computation 2015 10.3390/computation3040586 3 586 10.3390/math6020020 Andronikos, T., Sirokofskich, A., Kastampolidou, K., Varvouzou, M., Giannakis, K., and Singh, A. (2018). Finite Automata Capturing Winning Sequences for All Possible Variants of the PQ Penny Flip Game. Mathematics, 6. 10.20944/preprints201905.0366.v1 Giannakis, K., Theocharopoulou, G., Papalitsas, C., Fanarioti, S., and Andronikos, T. (2019). Quantum Conditional Strategies and Automata for Prisoners’ Dilemmata under the EWL Scheme. Appl. Sci., 9. 10.3390/math9101115 Andronikos, T., and Sirokofskich, A. (2021). The Connection between the PQ Penny Flip Game and the Dihedral Groups. Mathematics, 9. 10.1109/SMAP53521.2021.9610778 Kostadimas, D., Kastampolidou, K., and Andronikos, T. (2021, January 4–5). Correlation of biological and computer viruses through evolutionary game theory. Proceedings of the 2021 16th International Workshop on Semantic and Social Media Adaptation & Personalization (SMAP), Corfu, Greece. Okeke, F. (2023, October 31). 8 Best Penetration Testing Tools and Software for 2023. Available online: https://www.techrepublic.com/article/best-penetration-testing-tools. (2023, October 31). 19 Powerful Penetration Testing Tools Used By Pros in 2023. Available online: https://www.softwaretestinghelp.com/penetration-testing-tools. Saeed, H. (2023, October 31). 17 Best Security Penetration Testing Tools The Pros Use. Available online: https://www.redswitches.com/blog/penetration-testing-tools. Fruhlinger, J., and Porup, J. (2023, October 31). 11 Penetration Testing Tools the Pros Use. Available online: https://www.csoonline.com/article/551957/11-penetration-testing-tools-the-pros-use.html. Malwarebytes (2023, September 22). Ransom.VirLock. Available online: https://www.malwarebytes.com/blog/detections/ransom-virlock. Aurangzeb Ransomware: A survey and trends J. Inf. Assur. Secur. 2017 6 48 Sophos (2016). The Current State of Ransomware: VirLock, ThreatFinder, CrypVault and PowerShell-Based, Sophos. The BlackBerry Cylance Threat Research Team (2023, October 31). Threat Spotlight: Virlock Polymorphic Ransomware. Available online: https://blogs.blackberry.com/en/2019/07/threat-spotlight-virlock-polymorphic-ransomware. 10.1007/978-3-030-66583-8 Ryan, M. (2021). Ransomware Revolution: The Rise of a Prodigious Cyber Threat, Springer. Advances in Information Security. VirusTotal (2023, October 31). Analysis of b3f70c6224b38f445ce2d2538ada604094de65165c84218798bfc4fd3ff11ac7. Available online: https://www.virustotal.com/gui/file/b3f70c6224b38f445ce2d2538ada604094de65165c84218798bfc4fd3ff11ac7. VirusTotal (2023, October 31). Analysis of 58d003a53890d6192e803c0cc2aa4f4ae35f7432d9600f1c60bd00323e50198b. Available online: https://www.virustotal.com/gui/file/58d003a53890d6192e803c0cc2aa4f4ae35f7432d9600f1c60bd00323e50198b. VirusTotal (2023, October 31). Analysis of 29e40e7bd619110e8adbf99cbc48c09d03a8c4bebb49e5e583dd1ce35b5deea9. Available online: https://www.virustotal.com/gui/file/29e40e7bd619110e8adbf99cbc48c09d03a8c4bebb49e5e583dd1ce35b5deea9. Lee Keeping our network safe: A model of online protection behaviour Behav. Inf. Technol. 2008 10.1080/01449290600879344 27 445 Rhee Self-efficacy in information security: Its influence on end users’ information security practice behavior Comput. Secur. 2009 10.1016/j.cose.2009.05.008 28 816 10.4236/jis.2014.52006 Gandotra, E., Bansal, D., and Sofat, S. (2014). Malware analysis and classification: A survey. J. Inf. Secur., 2014. Shijo Integrated static and dynamic analysis for malware detection Procedia Comput. Sci. 2015 10.1016/j.procs.2015.02.149 46 804 Staff, T.E. (2023, October 31). 70% of Malware Infections Go Undetected by AV Software. Available online: https://www.tripwire.com/state-of-security/70-of-malware-infections-go-undetected-by-antivirus-software-study-says. Taylor, C. (2023, October 31). Polymorphic Virus, CyberHoot. Available online: https://cyberhoot.com/cybrary/polymorphic-virus/. ESET (2023, October 31). VirLock: The First Shape-shifter Among Ransomware. Available online: https://www.eset.com/int/about/newsroom/press-releases/research/virlock-the-first-shape-shifter-among-ransomware/. Singh, A. (2023, October 31). Virlock’s Resurgence Poses Bigger Threat to File Syncing Over the Cloud, Netskope. Available online: https://www.netskope.com/blog/virlocks-resurgence-poses-bigger-threat-file-syncing-cloud. Netskope (2023, October 31). Cloud Access Security Broker (CASB). Available online: https://www.netskope.com/products/casb. Howells, J. (2023, October 31). Protecting Yourself Against the Scourge of Ransomware, Orange Business. Available online: https://www.orange-business.com/en/blogs/connecting-technology/security/protecting-yourself-against-the-scourge-of-ransomware. Stu, S. (2023, October 31). This Weird Ransomware Strain Spreads Like a Virus in the Cloud, The Spiceworks Community. Available online: https://community.spiceworks.com/topic/1855433-this-weird-ransomware-strain-spreads-like-a-virus-in-the-cloud-mitigation. Microsoft (2023, October 31). Volume Shadow Copy Service. Available online: https://learn.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service. Wikipedia (2023, October 31). Shadow Copy. Available online: https://en.wikipedia.org/wiki/Shadow_Copy. NJCCIC (2023, October 31). VirLock NJCCIC Threat Profile, Available online: https://www.cyber.nj.gov/threat-center/threat-profiles/ransomware-variants/virlock. 10.1007/978-1-4939-1711-2 Hoffstein, J., Pipher, J., and Silverman, J.H. (2014). An Introduction to Mathematical Cryptography, Springer. Vamshi, A. (2023, October 31). Cloud Malware Fan-out with Virlock Ransomware. Netskope. Available online: https://www.netskope.com/blog/cloud-malware-fan-virlock-ransomware. KnowBe4 (2023, October 31). Virlock Ransomware. Available online: https://www.knowbe4.com/virlock-ransomware. Sjouwerman, S. (2023, October 31). This Weird Ransomware Strain Spreads Like a Virus in the Cloud. Available online: https://blog.knowbe4.com/new-virlock-ransomware-strain-spreads-stealthily-via-cloud-storage. Craciun, V., Nacu, A., and Andronic, M. (October, January 30). It’s a file infector… It’s ransomware… It’s VirLock. Proceedings of the Virus Bulletin Conference, Prague, Czech Republic. Adam, S. (2023, October 31). The State of Ransomware 2021. Sophos News. Available online: https://news.sophos.com/en-us/2021/04/27/the-state-of-ransomware-2021/. Li Game theory of data-selling ransomware J. Cyber Secur. Mobil. 2021 10 65 Spyridopoulos A game theoretical method for cost-benefit analysis of malware dissemination prevention Inf. Secur. J.: A Glob. Perspect. 2015 24 164 Yin, T., Sarabi, A., and Liu, M. (2021, January 28–29). Deterrence, backup, or insurance: A game-theoretic analysis of ransomware. Proceedings of the Annual Workshop on the Economics of Information Security (WEIS), Virtual. NCBI (2023, September 22). National Center for Biotechnology Information, Available online: https://www.ncbi.nlm.nih.gov/Taxonomy/Browser/wwwtax.cgi?lvl=0&id=2928686. Turner Escape from prisoner’s dilemma in RNA phage Φ6 Am. Nat. 2003 10.1086/367880 161 497 Turner Cheating Viruses and Game Theory: The theory of games can explain how viruses evolve when they compete against one another in a test of evolutionary fitness Am. Sci. 2005 10.1511/2005.55.428 93 428 Wolf Motifs, modules and games in bacteria Curr. Opin. Microbiol. 2003 10.1016/S1369-5274(03)00033-X 6 125 Klarreich Generous players: Game theory explores the golden rule’s place in biology Sci. News 2004 10.2307/4015318 166 58 Sinclair Proteins of bacteriophage phi6 J. Virol. 1975 10.1128/jvi.16.3.685-695.1975 16 685 Bohl Evolutionary game theory: Molecules as players Mol. BioSyst. 2014 10.1039/C3MB70601J 10 3066 Silverman Systematic review and meta-analysis of the persistence and disinfection of human coronaviruses and their viral surrogates in water and wastewater Environ. Sci. Technol. Lett. 2020 10.1021/acs.estlett.0c00313 7 544 FIRST (2023, October 31). Common Vulnerability Scoring System v3.1: Specification Document. Available online: https://www.first.org/cvss/specification-document. FIRST (2023, October 31). Common Vulnerability Scoring System Version 3.1 Calculator. Available online: https://www.first.org/cvss/calculator/3.1. (2023, October 31). Wikipedia Common Vulnerability Scoring System. Available online: https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System. FIRST (2023, October 31). Common Vulnerability Scoring System SIG. Available online: https://www.first.org/cvss/. Fokas COVID-19: Predictive mathematical formulae for the number of deaths during lockdown and possible scenarios for the post-lockdown period Proc. R. Soc. A 2021 10.1098/rspa.2020.0745 477 20200745 Balak A simple mathematical tool to forecast COVID-19 cumulative case numbers Clin. Epidemiol. Glob. Health 2021 10.1016/j.cegh.2021.100853 12 100853 10.1109/EuroSPW55150.2022.00067 Botes, M., and Lenzini, G. (2022, January 6–10). When cryptographic ransomware poses cyber threats: Ethical challenges and proposed safeguards for cybersecurity researchers. Proceedings of the 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy. Mierzwa Ransomware Incident Preparations with Ethical Considerations and Command System Framework Proposal J. Leadersh. Account. Ethics 2022 19 110 Broucek Technical, legal and ethical dilemmas: Distinguishing risks arising from malware and cyber-attack tools in the ‘cloud’—A forensic computing perspective J. Comput. Virol. Hacking Tech. 2013 10.1007/s11416-012-0173-0 9 27 Hofmann How organisations can ethically negotiate ransomware payments Netw. Secur. 2020 10.1016/S1353-4858(20)30118-5 2020 13 Pawlicka A $10 million question and other cybersecurity-related ethical dilemmas amid the COVID-19 pandemic Bus. Horiz. 2021 10.1016/j.bushor.2021.07.010 64 729