Ransomware's Early Mitigation Mechanisms
Abstract
Ransomware remains a modern trend: attackers still use cryptovirology to force victims to pay. Notable attacks have been spreading since 2012, starting with Reveton's ransomware attack and continuing to the 2017 WannaCry, Petya and Bad Rabbit cyberattacks. Ransomware as a Service (RaaS) can lure criminals into developing tools to perform an attack without prior knowledge of the cryptosystem itself. In this paper we present a graph-based ransomware countermeasure to detect malicious threads. It is a new mechanism that does not rely on metrics previously used in the literature to detect ransomware, such as Shannon's entropy or system calls. Our solution achieves accurate detection: the per-thread file system traversal is sufficient to highlight the malicious behaviors. To the best of our knowledge, no previous study has been conducted in this area. The ransomware collection used in our experiments contains more than 700 active ransomware samples, which were analyzed in our bare metal sandbox environment.
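As an added illustration (not the paper's implementation, whose details are not given in the abstract), the sketch below builds a per-thread directory-traversal graph from constructed file-system events and flags threads that both span and write into many directories; the event format, thread ids and threshold are assumptions.

```python
from collections import defaultdict
import posixpath

# Constructed sample of per-thread file-system events: (thread_id, operation, path).
# Thread 7 mimics a worker sweeping the tree and rewriting files in every directory;
# threads 1 and 2 are ordinary processes touching one or two files each.
EVENTS = [
    (1, "read",  "/home/alice/docs/report.docx"),
    (1, "write", "/home/alice/docs/report.docx"),
    (2, "read",  "/etc/hosts"),
    (7, "read",  "/home/alice/docs/report.docx"),
    (7, "write", "/home/alice/docs/report.docx.locked"),
    (7, "read",  "/home/alice/pictures/cat.jpg"),
    (7, "write", "/home/alice/pictures/cat.jpg.locked"),
    (7, "read",  "/home/alice/music/song.mp3"),
    (7, "write", "/home/alice/music/song.mp3.locked"),
    (7, "read",  "/home/bob/notes.txt"),
    (7, "write", "/home/bob/notes.txt.locked"),
]

def build_traversal_graphs(events):
    """Return {thread_id: (edges, dirs_written)}.

    edges is the set of (from_dir, to_dir) transitions in the order the thread
    moved between directories; dirs_written is the set of directories it wrote into.
    """
    graphs = {}
    last_dir = {}
    for tid, op, path in events:
        d = posixpath.dirname(path)
        edges, written = graphs.setdefault(tid, (set(), set()))
        # A new edge only when the thread moves to a different directory.
        if tid in last_dir and last_dir[tid] != d:
            edges.add((last_dir[tid], d))
        last_dir[tid] = d
        if op in ("write", "rename"):
            written.add(d)
    return graphs

def suspicious_threads(events, min_dirs=3):
    """Flag threads whose traversal graph spans many directories and writes into them."""
    flagged = []
    for tid, (edges, written) in build_traversal_graphs(events).items():
        visited = {node for edge in edges for node in edge}
        if len(visited) >= min_dirs and len(written) >= min_dirs:
            flagged.append(tid)
    return sorted(flagged)
```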