ABSTRACT
Ransomware is one of the rising types of malware in the crimeware family. It encrypts user files and demands extortion money. From the perspective of an enterprise, it is crucial to detect and stop a ransomware attack. A well-studied technique is to monitor file system behavior for suspicious activity. In this work we show the gap in the existing state of the art and describe a dynamic system which learns new behavior while under attack.
Index Terms
- POSTER: Locally Virtualized Environment for Mitigating Ransomware Threat