No Random, No Ransom: A Key to Stop Cryptographic Ransomware

@inproceedings{Gen2018NoRN,
  title={No Random, No Ransom: A Key to Stop Cryptographic Ransomware},
  author={Ziya Alper Genç and Gabriele Lenzini and Peter Y. A. Ryan},
  booktitle={DIMVA},
  year={2018}
}
To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized… 

Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware

It is argued that recovery of data might be possible if the ransomware cannot access high-entropy randomness sources, and a decryptor program is provided for a previously undefeated ransomware.

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

An implementation of that solution is discussed that is more secure, more effective and more efficient than the original, bringing its security and technological readiness to a higher level.

Ransomware Attack Protection: A Cryptographic Approach

In this algorithm, a method of locking the file is presented, ensuring that no other process can access the locked file and perform an encryption operation on it, thereby preventing the ransomware attack.

Investigation of Modern Ransomware Key Generation Methods: A Review

This review paper discusses the ransomware encryption keys research area by going through the previous work of researchers who focused their study on ransomware encryption keys: how the ransomware authors get their keys, where they generate them, and how they manage those keys in order to keep them safe and away from the victim.

On Deception-Based Protection Against Cryptographic Ransomware

This paper analyzes existing decoy strategies and discusses how effective they are in countering current ransomware by defining a set of metrics to measure their robustness, and implements a proof-of-concept anti-decoy ransomware that successfully bypasses decoys by using a decision engine with few rules.

Next Generation Cryptographic Ransomware

It is argued that among them there will be some which will try to defeat current anti-ransomware; thus, one can speculate about their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware tools currently implement.

A Survey on Ransomware Detection Techniques

This paper reviews the existing solutions based on the methodology adopted and validates them using specific performance metrics, to help improve the detection and prevention of ransomware attacks.

A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms

This work provides a systematic review of ransomware countermeasures, starting from deployment on the victim machine until the ransom payment via cryptocurrency, and proposes a roadmap for researchers to fill the gaps found in the literature on the battle against ransomware.

Ransomware Mitigation in the Modern Era: A Comprehensive Review, Research Challenges, and Future Directions

A set of unified metrics to evaluate published studies on ransomware mitigation is proposed and applied to 118 such studies to comprehensively compare and contrast their pros and cons, with the aim of evaluating their relative strengths and weaknesses.

References

Ransomware and the Legacy Crypto API

Two original countermeasures allowing victims to decrypt their files without paying are introduced: one takes advantage of the weak mode of operation used by some ransomware, and the other intercepts calls made to Microsoft's Cryptographic API.

PayBreak: Defense Against Cryptographic Ransomware

The approach, prototype implementation, and evaluation of PayBreak are presented: a novel, automated, and most importantly proactive defense mechanism that effectively combats ransomware and keeps victims' files safe.

CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data

CryptoDrop is presented, an early-warning detection system that alerts a user during suspicious file activity; it significantly mitigates the amount of victim data loss and can be parameterized for rapid detection with low false positives.

UNVEIL: A large-scale, automated approach to detecting ransomware (keynote)

The evaluation shows that UNVEIL significantly improves the state of the art, and is able to identify previously unknown evasive ransomware that was not detected by the antimalware industry.

ShieldFS: a self-healing, ransomware-aware filesystem

ShieldFS, an add-on driver that makes the Windows native filesystem immune to ransomware attacks, is proposed and evaluated in real-world working conditions on real, personal machines, against samples from state of the art ransomware families.

Redemption: Real-Time Protection Against Ransomware at End-Hosts

The growing number of paying victims in recent years suggests that an endpoint defense that is able to stop and recover from ransomware’s destructive behavior is needed.

Hedged Public-Key Encryption: How to Protect against Bad Randomness

This paper provides simple RO-based ways to make in-practice IND-CPA schemes hedge secure with minimal software changes and provides non-RO model schemes relying on lossy trapdoor functions (LTDFs) and techniques from deterministic encryption that achieve adaptive security by establishing and exploiting the anonymity of LTDFs which the author believes is of independent interest.

On the (im)possibility of cryptography with imperfect randomness

It is shown that certain cryptographic tasks like bit commitment, encryption, secret sharing, zero-knowledge, non-interactive zero-knowledge, and secure two-party computation for any non-trivial function are impossible to realize if parties have access to entropy sources with slightly less-than-perfect entropy, i.e., sources with imperfect randomness.

Black-Box Assessment of Pseudorandom Algorithms

Most of the non-cryptographic pseudorandom number generators examined exhibit properties that enable various attacks and techniques, including forward and reverse prediction, seeking, and the recovery of internal state from pseudorandom application output many orders of magnitude more quickly than naive brute force.

Writing Secure Code

This document refers to numerous hardware and software products by their trade names as well as other companies and their products for informational purposes only.