A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Kang, Qian; Gu, Yuanyuan

doi:10.20944/preprints202311.0798.v1

Cited by 5 publications

(18 citation statements)

References 79 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers have observed a trend in the evolution of ransomware tactics from basic lockers to more sophisticated encryption-based methods [26,27]. Newer ransomware variants are increasingly incorporating tactics to evade detection by security software [28]. The diversity in Android device models and OS versions also contributed to the challenge of securing all devices uniformly [29].…”

Section: Ransomware On Androidmentioning

confidence: 99%

“…Research has always advocated for a multi-layered security approach to effectively mitigate ransomware threats on mobile devices [30,28,31]. Traditional antivirus solutions have been found somewhat effective but insufficient alone due to the dynamic nature of ransomware attacks [13,32,33].…”

Section: Mitigation Techniquesmentioning

confidence: 99%

“…Traditional antivirus solutions have been found somewhat effective but insufficient alone due to the dynamic nature of ransomware attacks [13,32,33]. Combining real-time monitoring with behavior analysis could enhance detection rates [34,28]. Techniques involving the use of sandbox environments to isolate and analyze suspicious applications have shown promise in identifying ransomware before it can cause harm [35].…”

Section: Mitigation Techniquesmentioning

confidence: 99%

“…Researchers explored the potential of modifying API responses to mislead ransomware about the success of file encryption operations [7]. The application of heuristic techniques through API monitoring allowed for dynamic responses to suspected ransomware actions [28,27]. APIs could be used to create a secure vault area in the file system, where critical data could be isolated from malicious processes [27,43].…”

Section: Role Of File System Apismentioning

confidence: 99%

See 3 more Smart Citations

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

Ozturk,

Yilmaz,

Arslan

et al. 2024

Preprint

View full text Add to dashboard Cite

The development and effectiveness of an API-based system for mitigating ransomware threats on Android devices was explored in this study. Leveraging the Android/Linux file system API, the proposed system enhances the detection and prevention of ransomware by monitoring suspicious file system activities. The methodology includes extensive testing across various Android models and versions, demonstrating a high detection rate with minimal false positives. Results indicate that integrating system-level APIs into security frameworks significantly improves response times and device integrity against ransomware attacks. This paper contributes to mobile cybersecurity by providing a scalable and effective strategy for ransomware mitigation, proposing future enhancements with advanced predictive algorithms and broader system integration.

show abstract

Section: Ransomware On Androidmentioning

confidence: 99%

Section: Mitigation Techniquesmentioning

confidence: 99%

Section: Mitigation Techniquesmentioning

confidence: 99%

Section: Role Of File System Apismentioning

confidence: 99%

See 2 more Smart Citations

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

Ozturk,

Yilmaz,

Arslan

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…This exponential rise highlights not only the growing sophistication of ransomware attacks but also their expanding scope, targeting entities ranging from individual users to large corporations and government agencies [3]. The evolution of ransomware from relatively simple locker malware, which restricts access to the system or files without encrypting them, to highly sophisticated, self-propagating threats that exploit network vulnerabilities, signifies a shift in the threat landscape [3,1,4]. Modern ransomware variants, such as Wan-naCry and NotPetya, have demonstrated the capability to cause widespread disruption by leveraging encryption algorithms and propagation techniques that exploit flaws in network protocols, and have underscored the vulnerability of critical infrastructure and essential services to cyber extortion, leading to heightened scrutiny of cybersecurity defenses [2].…”

Section: Introductionmentioning

confidence: 99%

RanAway: A Novel Ransomware-Resilient ReFS File System

Long,

Liang

2024

Preprint

View full text Add to dashboard Cite

Ransomware has emerged as a pervasive threat in the cybersecurity landscape, characterized by its ability to encrypt critical data and demand ransom for its release. Traditional cybersecurity defenses often fall short against sophisticated ransomware attacks due to their reliance on signature-based detection mechanisms and inadequate preventive measures. This paper introduces RanAway, an innovative solution designed to enhance ransomware resilience by leveraging the advanced features of the Microsoft Resilient File System (ReFS). Unlike conventional file systems, ReFS offers enhanced data integrity, automatic error correction, and robust resistance to data degradation—features that are crucial for mitigating the impact of ransomware attacks. RanAway integrates with ReFS to provide real-time monitoring of file system operations, employing heuristic and behavior-based algorithms to detect and prevent ransomware activities effectively. Our findings demonstrate RanAway's significant potential in reducing the risk of ransomware attacks, highlighting its contributions to the field of cybersecurity through innovative use of file system technologies for threat resilience. The deployment of RanAway represents a paradigm shift towards a more integrated and system-level approach in combating ransomware, offering a blueprint for future developments in cybersecurity defenses.

show abstract

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Li,

Zhu,

Zhang

2023

Preprint

View full text Add to dashboard Cite

This research focuses on developing a novel ransomware detection methodology leveraging the capabilities of the open source large language model LLaMA-7b and image analysis of Portable Executable (PE) files. By transforming PE files into grayscale bitmap images and analyzing these using the LLaMA-7b model, the study introduces an innovative approach in cybersecurity. The model demonstrates high accuracy in distinguishing ransomware from benignware, with a significant true positive rate and minimal false positives and negatives. This method overcomes the limitations of traditional static and dynamic analysis, proving effective against modern ransomware variants. The findings suggest that integrating advanced technologies like LLMs in cybersecurity offers a promising direction for enhancing ransomware detection and prevention.

show abstract

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Cited by 5 publications

References 79 publications

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

RanAway: A Novel Ransomware-Resilient ReFS File System

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Contact Info

Product

Resources

About