Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks

@inproceedings{Kharraz2015CuttingTG,
  title={Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks},
  author={Amin Kharraz and William K. Robertson and Davide Balzarotti and Leyla Bilge and Engin Kirda},
  booktitle={DIMVA},
  year={2015}
}
  • Amin Kharraz, William K. Robertson, +2 authors Engin Kirda
  • Published in DIMVA 2015
  • Computer Science
  • In this paper, we present the results of a long-term study of ransomware attacks that have been observed in the wild between 2006 and 2014. [...] Key Result: A close examination on the file system activities of multiple ransomware samples suggests that by looking at I/O requests and protecting Master File Table (MFT) in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.

    Citations

    Publications citing this paper.
    SHOWING 1-10 OF 160 CITATIONS

    A new ransomware detection scheme based on tracking file signature and file entropy

    Analyse et détection de logiciels de rançon

    Ransomware Payments in the Bitcoin Ecosystem

    Improved Detection for Advanced Polymorphic Malware

    Techniques and solutions for addressing ransomware attacks

    2entFOX: A framework for high survivable ransomwares detection

    A Method for Blockchain Transactions Analysis

    A key-management-based taxonomy for ransomware

    CITATION STATISTICS

    • 14 Highly Influenced Citations

    • Averaged 45 Citations per year from 2017 through 2019

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 37 REFERENCES

    BitIodine: Extracting Intelligence from the Bitcoin Network

    TTAnalyze: A Tool for Analyzing Malware

    Guess who's back again? Cryptowall 3

    • Malware Don't Need Coffee
    • 2015

    Automated Malware Analysis

    • CUCKOO FOUNDATION. Cuckoo Sandbox
    • www.cuckoosandbox.org
    • 2014

    File System Minifilter Drivers

    • Microsoft Inc.
    • 2014

    Minotaur Analysis - Malware Repository. minotauranalysis.com. 2. VX Vault - Online Repository of Malware Samples

    • C. Kruegel, S. Hershkop, A. D. Keromytis, and S. J. Stolfo
    • Malware Tips - Your Security Advisor
    • 2014

    Police ransomware threat assessment

    • 2014

    http://www

    • DELL SECUREWORKS. Cryptolocker Ransomware
    • secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/
    • 2014

    A Fistful of Bitcoins: Characterizing Payments Among Men with No Names

    • Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirill Levchenko, Damo, Geoffrey M. Voelker and Stefan Sava
    • 2013