While information technologies grow and propagate worldwide, malware has changed and increased its effectiveness against information systems. Recently, attackers have started to use ransom software (ransomware) as an effective method of cyberattack because of its profitability. Ransomware infiltrates victim systems in various ways, usually encrypts files in the system, and demands a ransom to allow the user access to the encrypted files again. Although security mechanisms such as firewalls, anti-virus programs, and automated analysis programs have been developed to combat this threat, these mechanisms have little success and fail to protect the valuable assets stored in local or cloud storage resources. In this study, an effective detection and analysis method against ransomware was proposed, and the proposed method was discussed in detail with a case study. As a result of the study, potential information about the attacker was found to be accessible through characteristic behavior analysis of the onion ransomware, which was analyzed in accordance with the proposed method. This paper also presents an insight into the ransomware threat and provides a basic review of the methods and techniques used in the detection and analysis of ransomware attacks.

In this paper, we present the results of a long-term study of ransomware attacks that have been observed in the wild between 20. We also provide a holistic view on how ransomware attacks have evolved during this period by analyzing 1,359 samples that belong to 15 different ransomware families. Our results show that, despite a continuous improvement in the encryption, deletion, and communication techniques in the main ransomware families, the number of families with sophisticated destructive capabilities remains quite small. In fact, our analysis reveals that in a large number of samples, the malware simply locks the victim's computer desktop or attempts to encrypt or delete the victim's files using only superficial techniques. Our analysis also suggests that stopping advanced ransomware attacks is not as complex as it has been previously reported. For example, we show that by monitoring abnormal file system activity, it is possible to design a practical defense system that could stop a large number of ransomware attacks, even those using sophisticated encryption capabilities. A close examination of the file system activities of multiple ransomware samples suggests that by looking at I/O requests and protecting the Master File Table (MFT) in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.
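The second abstract argues that abnormal file system activity (bursts of high-entropy writes paired with deletion or renaming of the originals, and any attempt to write the MFT directly) is enough to flag most ransomware. The following is an added toy illustration of that idea, not the defense system described in either paper: it runs a per-process behavioral check over a constructed list of file I/O events. The event schema (`pid`, `op`, `path`, `data`, `new_path`), the entropy threshold, the minimum counts, and the `C:\$MFT` path string are all assumptions chosen for the example.

```python
"""Toy ransomware-behaviour detector over constructed file I/O events (added example)."""
import math
from collections import defaultdict

# Assumed thresholds for the example; a real system would tune these per workload.
HIGH_ENTROPY_BITS = 7.0        # encrypted/compressed buffers approach 8 bits per byte
MIN_ENCRYPTED_WRITES = 3       # how many high-entropy file writes before we worry
MIN_DESTROYED_ORIGINALS = 3    # how many originals deleted/renamed before we worry
MFT_PATH = r"C:\$MFT"          # assumed path form; user processes never write the MFT directly


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the buffer (0.0 for empty or uniform data)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze(events):
    """Return {pid: [reasons]} where a non-empty list means the process looks like ransomware.

    Each event is a dict: {"pid": int, "op": "write"|"delete"|"rename",
                           "path": str, "data": bytes (writes), "new_path": str (renames)}.
    """
    stats = defaultdict(lambda: {"high_entropy_writes": 0, "destroyed": set(), "mft_write": False})
    for ev in events:
        s = stats[ev["pid"]]
        if ev["op"] == "write":
            if ev["path"].upper() == MFT_PATH.upper():
                s["mft_write"] = True                    # protecting the MFT: flag immediately
            elif shannon_entropy(ev.get("data", b"")) >= HIGH_ENTROPY_BITS:
                s["high_entropy_writes"] += 1
        elif ev["op"] in ("delete", "rename"):
            s["destroyed"].add(ev["path"])               # the original file is gone either way

    verdicts = {}
    for pid, s in stats.items():
        reasons = []
        if s["mft_write"]:
            reasons.append("direct write to $MFT")
        if (s["high_entropy_writes"] >= MIN_ENCRYPTED_WRITES
                and len(s["destroyed"]) >= MIN_DESTROYED_ORIGINALS):
            reasons.append(f"{s['high_entropy_writes']} high-entropy writes and "
                           f"{len(s['destroyed'])} originals removed")
        verdicts[pid] = reasons
    return verdicts


def build_sample_events():
    """Constructed sample activity: one benign editor, one encryptor, one MFT writer."""
    # Stand-in for ciphertext: every byte value equally often, i.e. exactly 8 bits/byte.
    ciphertext_like = bytes(range(256)) * 4
    plaintext_like = b"Meeting notes: discuss quarterly budget and hiring plan.\n" * 20
    events = [
        {"pid": 1001, "op": "write", "path": r"C:\Users\a\notes.txt", "data": plaintext_like},
        {"pid": 1001, "op": "rename", "path": r"C:\Users\a\draft.txt", "new_path": r"C:\Users\a\final.txt"},
        {"pid": 7, "op": "write", "path": r"C:\$MFT", "data": b"\x00" * 64},
    ]
    for i in range(1, 5):   # encrypt-then-delete pattern on four documents
        events.append({"pid": 4242, "op": "write",
                       "path": rf"C:\Users\a\doc{i}.docx.locked", "data": ciphertext_like})
        events.append({"pid": 4242, "op": "delete", "path": rf"C:\Users\a\doc{i}.docx"})
    return events


if __name__ == "__main__":
    for pid, reasons in analyze(build_sample_events()).items():
        print(pid, "SUSPICIOUS: " + "; ".join(reasons) if reasons else "ok")
```

The benign editor also removes an original (the rename) and writes a file, but its writes are low-entropy and its counts stay below the thresholds, which is the point of combining the two signals rather than alerting on either alone.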