Signature-less ransomware detection and mitigation

Bibliographic Details
Published in: Journal of Computer Virology and Hacking Techniques 2021-12, Vol.17 (4), p.299-306
Main Authors: Joshi, Yash Shashikant; Mahajan, Harsh; Joshi, Sumedh Nitin; Gupta, Kshitij Pradeep; Agarkar, Aarti Amod
Format: Article
Language: English
Description
Summary: Ransomware is a challenging threat that encrypts a user's files until some ransom is paid by the victim. This type of malware is a profitable business for attackers, generating millions of dollars annually. Several approaches based on signature matching have been proposed to detect ransomware intrusions, but they fail to detect ransomware whose signature is unknown. We try to detect ransomware's behaviour with the help of a mini-filter driver using a signature-less detection method. The proposed technique combines Shannon’s entropy and fuzzy hashing to provide better results in detecting ransomware. Not only has this technique been practically tested, but it has also been successful in detecting over 95% of the tested ransomware attacks on Windows operating systems.
ISSN: 2263-8733
DOI: 10.1007/s11416-021-00384-0