An Anti-Ransomware Tool Design by Using Behavioral and Static Analysis Methods

B. Celiktas¹ , N. Unlu² , E. Karacuha³

1. Applied Informatics Department, Institute of Informatics, ITU, Istanbul, Turkey.
2. Cyber Security Engineering and Cryptography Department, Institute of Informatics, ITU, Istanbul, Turkey.
3. Applied Informatics Department, Institute of Informatics, ITU, Istanbul, Turkey.

Correspondence should be addressed to: celiktas16@itu.edu.tr.

Section:Research Paper, Product Type: Isroset-Journal
Vol.6 , Issue.2 , pp.1-9, Apr-2018

CrossRef-DOI:   https://doi.org/10.26438/ijsrcse/v6i2.19

Online published on Apr 30, 2018

Copyright © B. Celiktas, N. Unlu, E. Karacuha . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

1631 Views    842 Downloads    266 Downloads

Abstract :
Ransomware, which constantly improves by updating itself and transferring to the network and computing environment, is the most common type of malware used by the attackers recently. Ransomware demands ransom from the user for decrypting the encrypted files. As a result of the payment of the desired amount of ransom, the files can be opened with the decryption key delivered to the user. Various antivirus software using static analysis methods fails to detect the malware because it performs analysis via hash signature samples in databases. Because hash signature samples of zero-day attacks are not recorded in anti-virus databases, detecting malware by using behavioral analysis methods is more effective. Anti-ransomware in the hybrid structure using static analysis methods, along with behavioral analysis methods, will be even more successful in detecting and preventing ransomware with minimum false-positive rate and minimal file loss. As a result of a comprehensive review of related literature and professional reports on ransomware, the attack vectors of the ransomware, the core features, the identification methods and the movements based on the Windows Operating Systems have been found. This study presents the behavior of the ransomware in detail and explains how should an anti-ransomware tool be created to detect and prevent ransomware on Windows Operating Systems.

Key-Words / Index Term :
Ransomware; Encryption; Static Analysis; Behavioral Analysis; Attack Vectors

References :
[1] N. Sacife, H. Carter, P. Traynor and K. R.B Butler, “CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data”, IEEE 36th International Conference on Distributed Computing Systems, 2016.
[2] A. Bhardwaj, V. Avasthi, H. Sastry and G. V. B. Subrahmanyam, "Ransomware Digital Extortion: A Rising New Age Threat", Indian Journal of Science and Technology, Vol 9(14), 2016.
[3] M. Wecksten, J. Frick, A. Sjostrom and E. Jarpe, “A Novel Method for Recovery from Crypto Ransomware Infections”, 2nd IEEE International Conference on Computer and Communications, 2016.
[4] M. H. U. Salvi, & M. R. V. Kerkar, “Ransomware: A cyber-extortion”, Asian Journal of Convergence in Technology, 2(3), 2016.
[5] A. Zahra and A. S.Munam, “IoT Based Ransomware Growth Rate Evaluation and Detection Using Command and Control Blacklisting”, Proceedings of the 23rd International Conference on Automation & Computing, University of Huddersfield, Huddersfield, UK, 7-8, 2017.
[6] CheckPoint, “Ransomware: Attack Trends, Prevention, And Response”, White Paper, 2017.
[7] A. Liska and T. Gallo, “Ransomware: Defending Against Digital Extortion”, O’Reilly Media, Inc., 2016.
[8] V. Kotov, M. S. Rajpal, “In-Depth Analysis of the Most Popular Malware Families”, Bromium, Understanding Crypto-Ransomware Report, 2014.
[9] N. Hampton and Z. A. Baig, “Ransomware: Emergence of the cyber-extortion menace,” Aust. Inf. Secure. Manag. Conf., vol. 2015, pp. 47–56, 2015.
[10] A. Adamov, A. Carlsson, "The state of ransomware. Trends and mitigation techniques", vol. 00, no., pp. 1-8, Doi:10.1109/ EWDTS. 2017.8110056, 2017.
[11] N. Hampton and Z. A. Baig, “Ransomware: Emergence of the cyber-extortion menace,” Aust. Inf. Secure. Manag. Conf., vol. 2015, pp. 47–56, 2015.
[12] Kaspersky Lab, “Kaspersky Security Bulletin, Story of The Year: The Ransomware Revolution”, Report, 2016.
[13] B. Heater, “How ransomware conquered the world”, PC Magazine Digital Edition, 2016.
[14] Symantec, “CryptoDefense, the CryptoLocker Imitator, Makes Over $34,000 in One Month”, Symantec Security Response, 2014.
[15] A. Liska, T. Gallo, “Ransomware: Defending Against Digital Extortion”, O`Reilly Media, Inc. First Ed., 2016.
[16] T. Anjana, “Discussion On Ransomware, WannaCry Ransomware, and Cloud Storage Services Against Ransom Malware Attacks”, IJRTI, Vol.2, Issue 6, ISSN: 2456-3315, 2017.
[17] Webroot, “MSP Guide: Stopping Crypto Ransomware Infections in SMBs, 16 Easy Actions for MSPs”, White Paper, 2017
[18] A. Anubhav and R. Ellur, “Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection”, Threat Research, Advanced Malware, FireEye, 2016.
[19] U.K. Singh, C. Joshi, and S.K. Singh. "Zero-day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities", International Journal of Scientific Research in Computer Science and Engineering, 5(1), 2017.
[20] Malwarebytes, “Cybercrime tactics and techniques”, Report, Q1 2017.