An Anti-Ransomware Tool Design by Using Behavioral and Static Analysis Methods

Authors

  • B. Celiktas Applied Informatics Department, Institute of Informatics, ITU, Istanbul, Turkey
  • N. Unlu Cyber Security Engineering and Cryptography Department, Institute of Informatics, ITU, Istanbul, Turkey
  • E. Karacuha Applied Informatics Department, Institute of Informatics, ITU, Istanbul, Turkey

Keywords:

Ransomware, Encryption, Static Analysis, Behavioral Analysis, Attack Vectors

Abstract

Ransomware, which constantly improves by updating itself and spreading to the network and computing environment, has recently been the most common type of malware used by attackers. Ransomware demands a ransom from the user for decrypting the encrypted files. Once the demanded ransom is paid, the files can be opened with the decryption key delivered to the user. Various antivirus products using static analysis methods fail to detect the malware because they perform analysis against hash signature samples in databases. Because hash signature samples of zero-day attacks are not recorded in antivirus databases, detecting malware by using behavioral analysis methods is more effective. An anti-ransomware tool with a hybrid structure that uses static analysis methods along with behavioral analysis methods will be even more successful in detecting and preventing ransomware, with a minimum false-positive rate and minimal file loss. Through a comprehensive review of the related literature and professional reports on ransomware, the attack vectors of ransomware, its core features, its identification methods and its movements on Windows operating systems have been identified. This study presents the behavior of ransomware in detail and explains how an anti-ransomware tool should be created to detect and prevent ransomware on Windows operating systems.

 



Published

2018-04-30

How to Cite

[1]
B. Celiktas, N. Unlu, and E. Karacuha, “An Anti-Ransomware Tool Design by Using Behavioral and Static Analysis Methods”, Int. J. Sci. Res. Comp. Sci. Eng., vol. 6, no. 2, pp. 1–9, Apr. 2018.


Section

Research Article
