An Assessment of Obfuscated Ransomware Detection and Prevention Methods

  • Conference paper
Advances in Information and Communication (FICC 2021)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1363)

Abstract

Ransomware is a special type of malware that infects a system and limits the user’s access to the system and its resources until a ransom is paid. It does so by denying the system’s own user access to it, encrypting files and/or locking the machine. The malware takes advantage of people’s fear of revealing their private information, losing their critical data, or facing serious hardware damage. Some of the most recent well-known ransomware include WannaCry, Petya, Bad Rabbit, and Baltimore City. Ransomware creators use a special technique called obfuscation to evade detection by antivirus software. The degree of antivirus detection depends on the complexity of the obfuscation process. The purpose of this research is to assess the efficiency of current malware analysis methods and technologies in detecting ransomware, as well as prevention methods that keep files safe using cloud computing. The experiments presented here were performed using antivirus engines and dynamic malware analysis against live obfuscated ransomware samples.




Correspondence to Ahmad Ghafarian.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Ghafarian, A., Keskin, D., Helton, G. (2021). An Assessment of Obfuscated Ransomware Detection and Prevention Methods. In: Arai, K. (eds) Advances in Information and Communication. FICC 2021. Advances in Intelligent Systems and Computing, vol 1363. Springer, Cham. https://doi.org/10.1007/978-3-030-73100-7_56
