A Short Review for Ransomware: Pros and Cons

Shakir, Hasan Awni; Jaber, Aws Naser

doi:10.1007/978-3-319-69835-9_38

Cited by 7 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One type of malware that had gained considerable attention was called ransomware, or more specifically crypto-ransomware. This type of malware has attracted significant interests from cybercriminals, because of several success stories that had world-wide impacts, such as Wannacry, Petya and NotPetya [4]. Due to the high interest, numerous new ransomware have been created, and existing ransomware have been improved with new variants.…”

Section: Literature Reviewmentioning

confidence: 99%

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

et al. 2019

View full text Add to dashboard Cite

Ransomware is a relatively new type of intrusion attack, and is made with the objective of extorting a ransom from its victim. There are several types of ransomware attacks, but the present paper focuses only upon the crypto-ransomware, because it makes data unrecoverable once the victim’s files have been encrypted. Therefore, in this research, it was proposed that machine learning is used to detect crypto-ransomware before it starts its encryption function, or at the pre-encryption stage. Successful detection at this stage is crucial to enable the attack to be stopped from achieving its objective. Once the victim was aware of the presence of crypto-ransomware, valuable data and files can be backed up to another location, and then an attempt can be made to clean the ransomware with minimum risk. Therefore we proposed a pre-encryption detection algorithm (PEDA) that consisted of two phases. In, PEDA-Phase-I, a Windows application programming interface (API) generated by a suspicious program would be captured and analyzed using the learning algorithm (LA). The LA can determine whether the suspicious program was a crypto-ransomware or not, through API pattern recognition. This approach was used to ensure the most comprehensive detection of both known and unknown crypto-ransomware, but it may have a high false positive rate (FPR). If the prediction was a crypto-ransomware, PEDA would generate a signature of the suspicious program, and store it in the signature repository, which was in Phase-II. In PEDA-Phase-II, the signature repository allows the detection of crypto-ransomware at a much earlier stage, which was at the pre-execution stage through the signature matching method. This method can only detect known crypto-ransomware, and although very rigid, it was accurate and fast. The two phases in PEDA formed two layers of early detection for crypto-ransomware to ensure zero files lost to the user. However in this research, we focused upon Phase-I, which was the LA. Based on our results, the LA had the lowest FPR of 1.56% compared to Naive Bayes (NB), Random Forest (RF), Ensemble (NB and RF) and EldeRan (a machine learning approach to analyze and classify ransomware). Low FPR indicates that LA has a low probability of predicting goodware wrongly.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Another widely spreading and damage-causing ransomware assailment is the WannaCry ransomware, this has evolved over the years, its first occurrence was optically discerned in 1989 [20]. Multiple incipient technologies have been used to fight the WannaCry ransomware but have not been very efficacious [21]. These attacks target the operating systems, entities involved in managing the system, cloud storage, ancillary APIs, and gateways [22].…”

Section: Related Studymentioning

confidence: 99%

AI-enhanced Defense Against Ransomware Within the Organization’s Architecture

Brahmananda

2022

JCSANDM

View full text Add to dashboard Cite

Ransomware is a type of revenue-generating tactic that cybercriminals utilize to improve their income. Businesses have spent billions of dollars recovering control of their resources, which may include confidential data, operational applications and models, financial transactions, and other information, as a result of malicious software. Ransomware can infiltrate a resource or device and restrict the owner from accessing or utilizing it. There are various obstacles that a business must overcome in order to avoid ransomware attacks. Traditional ransomware detection systems employ a static detection method in which a finite dataset is provided into the system and a logical check is performed to prevent ransomware attacks against the system. This was effective in the early stages of the internet, but the scenario of recent times is far more advanced, and as more and more cyber world contrivances have been analyzed, multiple gaps have been identified, to the benefit of ransomware attackers, who use these gaps to generate astronomically large sums of money. As a result, the suggested methodology aims to efficiently detect diverse patterns associated with various file formats by starting with their sources, data collecting, probabilistic identification of target devices, and deep learning classifier with intelligent detection. An organization can use the recommended approach to safeguard its data and prepare for future ransomware attacks by using it as a roadmap to lead them through their security efforts.

show abstract

Towards AI-powered Cybersecurity Attack Modeling with Simulation Tools: Review of Attack Simulators

Jaber

Fritsch

2022

Advances on P2P, Parallel, Grid, Cloud and Internet Computing

View full text Add to dashboard Cite

A Short Review for Ransomware: Pros and Cons

Cited by 7 publications

References 20 publications

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

AI-enhanced Defense Against Ransomware Within the Organization’s Architecture

Towards AI-powered Cybersecurity Attack Modeling with Simulation Tools: Review of Attack Simulators

Contact Info

Product

Resources

About