Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Gómez Hernández, José Antonio; García Teodoro, Pedro; Magán Carrión, Roberto; Rodríguez Gómez, Rafael

doi:10.3390/electronics12214494

Cited by 6 publications

(8 citation statements)

References 223 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The final, most common, and arguably most harmful type of ransomware is cryptoransomware [2,4]. As the name implies, it encrypts user data, such as work-related and private documents.…”

Section: Introductionmentioning

confidence: 99%

“…The increasing number of ransomware attacks in recent years has led to a corresponding rise in research dedicated to ransomware detection. The methods can be broadly divided into static, which attempt to recognize ransomware without letting it execute, and dynamic, which focus on monitoring the consequences of executing ransomware [2][3][4]. Both approaches increasingly rely on machine learning, and both work well as complementary methods [6].…”

Section: Introductionmentioning

confidence: 99%

“…When pursuing this approach, time is of the essence-the faster the detection, the fewer user files will be lost. Optimally, ransomware would be detected before the malware had a chance to commence encryption, i.e., either during staging, when it embeds itself in the system and establishes communications with the outside world, or during scanning, when it searches for user data [2,4,6]. However, if early detection fails, there is value in recognizing the infections even during the encryption stage, since it can limit the number of lost files.…”

Section: Introductionmentioning

confidence: 99%

“…Similarly, monitoring registry keys provides insight both into ongoing encryption and the early stages of the attack [10]. Other published approaches include measuring file entropy [10], DLLs [11], and network traffic [12], as well as monitoring decoys and traps placed in the file system [4,13]. While they too gave promising results, we chose not to include them to keep our detection system as light as possible while maintaining high prediction accuracy.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

MIRAD: A Method for Interpretable Ransomware Attack Detection

Marcinkowski,

Goschorska,

Wileńska

et al. 2024

Preprint

View full text Add to dashboard Cite

In the face of escalating crypto-ransomware attacks, which encrypt user data for ransom, our study introduces a significant advancement in dynamic ransomware detection. We develop an innovative machine learning model capable of identifying ransomware activity. This model is uniquely trained in a simulated user environment, enhancing detection accuracy under realistic conditions and addressing the imbalances typical of ransomware datasets. A notable aspect of our approach is the emphasis on interpretability. We employ a simplified version of Generalized Additive Models (GAMs), ensuring clarity in how individual features influence predictions. This is crucial for minimizing false positives, a common challenge in dynamic detection methods. Our contributions to the field include a Python library for easy application of our detection method, and a comprehensive, publicly available ransomware detection dataset. These resources aim to facilitate broader research and implementation in ransomware defense.

show abstract

“…The final, most common, and arguably most harmful type of ransomware is cryptoransomware [2,4]. As the name implies, it encrypts user data, such as work-related and private documents.…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

MIRAD: A Method for Interpretable Ransomware Attack Detection

Marcinkowski,

Goschorska,

Wileńska

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…With the widespread adoption of this technology, cybercriminals use forged identities or stolen credit cards to take advantage of free offers to mine cryptocurrencies provided by cloud service providers [13]. Cybercrimes, particularly hacking and ransomware, are associated with cryptocurrencies [14][15][16]. This further complicates the investigation of such crimes, as there is currently no legislation regarding the seizure of virtual assets.…”

Section: Introductionmentioning

confidence: 99%

Cryptocurrency Crime Risks Modeling: Environment, E-Commerce, and Cybersecurity Issue

Kovalchuk,

Shevchuk,

Banakh

2024

IEEE Access

View full text Add to dashboard Cite

Digital trends like blockchain have led to cryptocurrency payments becoming popular in ecommerce. While cryptocurrencies have benefited users, they have also attracted criminals who use them to commit cyberattacks and harm security. In this research paper, we present an analysis of the following factors that can strongly influence the development of the cryptocurrency environment and be associated with cryptocurrency-related crime at the national level: GDP, digital development, e-commerce market size, the level of mass adoption of cryptocurrency, the level of national cybersecurity, and fraud in cryptocurrency crime for selected countries worldwide. By applying correspondence analysis, we constructed visually intuitive models based on assessments from the global data and business intelligence platform and official statistical reports. We have established a fairly strong positive correlation between fraud in cryptocurrency crime and digital development, e-commerce market size, and the level of mass adoption of cryptocurrency; a fairly strong negative correlation between the level of fraud in cryptocurrency crime and the level of cybersecurity in a specific country; a fairly strong positive correlation between the level of mass adoption of cryptocurrency and the level of cybersecurity. The proposed models give decision-makers a clear understanding of the key factors in cryptocurrency that pose a high risk of related crime.

show abstract