CloudRPS: a cloud analysis based enhanced ransomware prevention system

Lee, Jeong Kyu; Moon, Seo Yeon; Park, Jong Hyuk

doi:10.1007/s11227-016-1825-5

Cited by 42 publications

(19 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Not only a different operating system or device, ransomware can affect online storage along with offline or IoT devices along with simple computing devices also. However, ransomware detection techniques have also been proposed for the same [28,29]. Although most of the techniques developed to detect a particular type of ransomware were found to have good accuracy, a full-fledged technique has not been developed yet to detect all ransomware because of frequent updation of ransomware signature.…”

Section: Machine-learning Based Approachmentioning

confidence: 99%

Ransomware Threat, Attack, Prevention and Cure on Window Platform

Sharma*,

Singh

2020

IJITEE

View full text Add to dashboard Cite

With the advancement of digitization in every domain, the dependency of individuals on these digitized softwares has also increased. Although these softwares can perform storage, transfer, and security of digital media easily, the threat of hardware/software failure, data tapping and breaching data has always been there. Most of these threats have been introduced by the development of malicious softwares that can provide unauthorized access of machine’s data. This malicious software was termed as malware. The development of any antimalware software to prevent the machine from malware triggers the attacker to generate new malicious operations to infect the machine. Ransomware is, however, a novel and one of the dangerous malware invented recently that restricts the user from accessing their system by locking the operating system files using strong encryption algorithms in the system unless and until a ransom is paid. Seeing the emergence of this ransomware threat and also the increasing usage of digital media, many techniques have been developed to detect the presence of different types of ransomware in different environments. Since the importance of developing techniques to prevent our machines from such attacks is increasing substantially, further research in the respective domain require thorough analysis of all the techniques that have been developed in this regard. This paper introduces the concept of ransomware and how it has been evolved. Along with various methods of handling the ransomware, thorough analysis of techniques that have been developed until now for the prevention and detection of different ransomwares is also performed. The analysis shows that there has been a big improvement in coding techniques utilized by ransomware which will eventually turn out a good detection system that considerably reduces the quantity of victim information loss.

show abstract

Section: Machine-learning Based Approachmentioning

confidence: 99%

Ransomware Threat, Attack, Prevention and Cure on Window Platform

Sharma*,

Singh

2020

IJITEE

View full text Add to dashboard Cite

show abstract

“…Many researchers (Andronio et al 2015;Lee et al 2016;Kharraz et al 2016;Sgandurra et al 2016;Zscaler 2016) agree that crypto-ransomware's typical behaviour involves the manipulation of files and displaying a threatening message, which can be identified through the ransomware's use of Windows API function calls. It is possible to monitor read, encrypt, and delete operations called at the user-level, which are then passed onto the kernel to the input/output (I/O) scheduler (Kharraz et al 2016).…”

Section: Related Workmentioning

confidence: 99%

“…Cuckoo Sandbox allows the submission of Dynamic Linked Libraries (DDLs), Java files, binary executables, URLs, MS Office documents, and PDFs as samples (Ferrand 2015). Several researchers have developed analysis systems for the detection and classification of ransomware threats including Unveil (Kharraz et al 2016), HelDroid (Andronio et al 2015), EldeRan (Sgandurra et al 2016), and CloudRPS (Lee et al 2016). Kharraz et al (2016) developed a ransomware detection and classification system called Unveil that identifies ransomware based on its behavioural constructs.…”

Section: Tools and Strategies For Analysing Ransomwarementioning

confidence: 99%

See 1 more Smart Citation

Ransomware deployment methods and analysis: views from a predictive model and human responses

Hull

John²,

Arief

2019

Crime Sci

View full text Add to dashboard Cite

Ransomware incidents have increased dramatically in the past few years. The number of ransomware variants is also increasing, which means signature and heuristic-based detection techniques are becoming harder to achieve, due to the ever changing pattern of ransomware attack vectors. Therefore, in order to combat ransomware, we need a better understanding on how ransomware is being deployed, its characteristics, as well as how potential victims may react to ransomware incidents. This paper aims to address this challenge by carrying out an investigation on 18 families of ransomware, leading to a model for categorising ransomware behavioural characteristics, which can then be used to improve detection and handling of ransomware incidents. The categorisation was done in respect to the stages of ransomware deployment methods with a predictive model we developed called Randep. The stages are fingerprint, propagate, communicate, map, encrypt, lock, delete and threaten. Analysing the samples gathered for the predictive model provided an insight into the stages and timeline of ransomware execution. Furthermore, we carried out a study on how potential victims (individuals, as well as IT support staff at universities and SMEs) detect that ransomware was being deployed on their machine, what steps they took to investigate the incident, and how they responded to the attack. Both quantitative and qualitative data were collected through questionnaires and in-depth interviews. The results shed an interesting light into the most common attack methods, the most targeted operating systems and the infection symptoms, as well as recommended defence mechanisms. This information can be used in the future to create behavioural patterns for improved ransomware detection and response. which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

show abstract

“…Recently, and in parallel with the development of local-level solutions, the research community studied the impact of the cryptoransomware on communication processes. This prompted the publication of the first proposals based on analyzing network features in emerging scenarios, as is the case of [10,58] at Internet of Things (IoT) or [42] at Cloud Computing. As indicated by Cabaj et al [8], the list of IP addresses with which each ransomware specimen tries to communicate with C&C server tends to be similar with those of previous detected threats.…”

Section: Countermeasuresmentioning

confidence: 99%

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Monge

Vidal

Villalba

2018

Proceedings of the 13th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

In the last decade, crypto-ransomware evolved from a family of malicious software with scarce repercussion in the research community, to a sophisticated and highly effective intrusion method positioned in the spotlight of the main organizations for cyberdefense. Its modus operandi is characterized by fetching the assets to be blocked, their encryption, and triggering an extortion process that leads the victim to pay for the key that allows their recovery. This paper reviews the evolution of crypto-ransomware focusing on the implication of the different advances in communication technologies that empowered its popularization. In addition, a novel defensive approach based on the Self-Organizing Network paradigm and the emergent communication technologies (e.g. Software-Defined Networking, Network Function Virtualization, Cloud Computing, etc.) is proposed. They enhance the orchestration of smart defensive deployments that adapt to the status of the monitoring environment and facilitate the adoption of previously defined risk management policies. In this way it is possible to efficiently coordinate the efforts of sensors and actuators distributed throughout the protected environment without supervision by human operators, resulting in greater protection with increased viability CCS CONCEPTS• Security and privacy → Network Security; Malware and its mitigation; • Networks → Network management;

show abstract

CloudRPS: a cloud analysis based enhanced ransomware prevention system

Cited by 42 publications

References 18 publications

Ransomware Threat, Attack, Prevention and Cure on Window Platform

Ransomware Threat, Attack, Prevention and Cure on Window Platform

Ransomware deployment methods and analysis: views from a predictive model and human responses

A novel Self-Organizing Network solution towards Crypto-ransomware Mitigation

Contact Info

Product

Resources

About