Abstract:
Ransomware encrypts valuable user/system files found on a victim's device, and then asks for a ransom to release the decryption key needed to recover the plaintext files. Recently, the damage caused by ransomware has been increasing sharply. So far, ransomware countermeasures are very similar to existing malware countermeasures. For example, some methods analyze the ransomware code itself and then detect/delete ransomware from a device/system based on the analysis result. Other methods try to find/block ransomware distribution routes. A common point of these countermeasures is that a trusted party must first analyze ransomware code and/or behavior based on blacklists (i.e., specific signatures of ransomware). In this case, users must apply ransomware information published by the trusted party as a patch to prevent ransomware from being installed/executed on their devices. However, since such approaches cannot prevent known/new ransomwares, the trusted party can obtain/analyze a ransomware sample only after it has attacked some users. This means that an unspecified, large number of users inevitably become victims of new ransomware. Another approach is to detect abnormal behavior of software executed on users' devices. One such approach designates a folder as a secure folder and then controls which software may access files in that folder. However, such an approach may inconvenience users and limit their behavior. Hence, to detect/control ransomware effectively as well as securely, this paper proposes a new method to detect/block ransomware by analyzing the file operation procedure of the operating system on the user's device and applying an access control scheme to that procedure. The proposed scheme can detect, in real time, ransomware attempting to encrypt valuable files on users' devices, without patching in ransomware information published by a trusted party. It can therefore prevent both new and variant ransomware in real time.
Date of Conference: 12-14 January 2018
Date Added to IEEE Xplore: 29 March 2018
ISBN Information:
Electronic ISSN: 2158-4001