Ransomware Detection and Defense

Muhammad Shairoze Malik

  • Muhammad Shairoze Malik, Lahore Garrison University
Keywords: Security, Privacy, Ransomware, Ransomware Detection, Cyber-Defense, Malware, Pay Break, Flash Guard


Like other criminals in the world, cyber-criminals use various illegal and unethical means to achieve their malicious purposes. Malware known as ransomware is a new threat to the world, used by cyber-criminals to blackmail individuals and organizations, and it has been identified as a major threat to network and computer security across the world [1]. Ransomware locks the victim's computer by encrypting user files and demands payment, often in cryptocurrency, i.e. Bitcoin, to restore access to the files. Research showed that 19,750 victims paid over $16 million in ransom payments in two years [2]. Because of the increasing number of ransomware attacks, different software-level and hardware-level techniques have been proposed to detect and mitigate ransomware attacks and to recover user files without ransom payment. Pay Break is a proactive software-level defense mechanism against ransomware that allows the victim to recover files without any ransom payment. Furthermore, ransomware variants could gain kernel privileges, which lets them shut down software-based system defenses. Considering this, the first hardware-level defense system, named Flash Guard, was proposed; it is resistant to ransomware that uses kernel vulnerabilities.