
A Roadmap for Improving the Impact of Anti-ransomware Research

  • Conference paper
  • Secure IT Systems (NordSec 2019)

Abstract

Ransomware is a type of malware that restricts access to a victim’s computing resources and demands a ransom in order to restore access. It is a continually growing and costly threat across the globe; efforts have therefore been made in both academia and industry to develop techniques that help to detect and recover from ransomware attacks. This paper provides an overview of the current landscape of Windows-based anti-ransomware tools and techniques, using a clear, simple and consistent terminology in terms of Data Sources, Processing and Actions. We extensively analysed the relevant literature so that, to the best of our knowledge, we had at the time covered all approaches taken to detect and recover from ransomware attacks. We grouped these techniques according to their main features as a way to understand the landscape. We then selected 15 existing anti-ransomware tools, both to examine how they fit into this landscape and to compare them by aggregating their accuracy and overhead – two of the most important selection criteria for these tools – as reported by the tools’ respective authors. We were able to identify popular solutions and unexplored gaps that could lead to promising areas of anti-ransomware development. From there, we propose two novel detection techniques, namely serial byte correlation and edit distance. This paper serves as a much needed roadmap of knowledge and ideas to systematise the current landscape of anti-ransomware tools.



Acknowledgement

Part of the work presented in this paper has been funded by the UK Engineering and Physical Sciences Research Council (EPSRC) Project EP/P011772/1 on the EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS).

Author information

Corresponding author: Budi Arief.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Pont, J., Abu Oun, O., Brierley, C., Arief, B., Hernandez-Castro, J. (2019). A Roadmap for Improving the Impact of Anti-ransomware Research. In: Askarov, A., Hansen, R., Rafnsson, W. (eds) Secure IT Systems. NordSec 2019. Lecture Notes in Computer Science, vol 11875. Springer, Cham. https://doi.org/10.1007/978-3-030-35055-0_9

  • DOI: https://doi.org/10.1007/978-3-030-35055-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35054-3

  • Online ISBN: 978-3-030-35055-0