Ransomware Classification Using Hardware Performance Counters on a Non-Virtualized System

Abstract: Ransomware is a type of malicious software designed to encrypt a user's important data for the purpose of extortion, with a global annual impact of billions of dollars in damages. This research proposes a side-channel-based ransomware detection method that utilizes the microarchitectural sidechannel accessed through hardware performance counters. Unlike most ransomware research, which relies on virtual machines to easily restore a system to its uncompromised, pre-encrypted state, this work leverages thousands … Show more