Ransomware attacks are not a new idea, but their prevalence has risen dramatically in recent times. A key explanation for this is the financial compensation that the perpetrator stands to gain, as well as the fact that cryptocurrency allows for anonymous transactions. Initially a single-host menace, ransomware is rapidly developing to conduct more sophisticated attacks by spreading through a network of hosts. One of the most difficult aspects of defending against these attacks is that every ransomware family is always evolving, rendering individual samples unidentifiable. Common signature-based countermeasures, such as those used to fight viruses, are made ineffective as a result. Furthermore, attempting to reverse engineer each sample in order to develop successful countermeasures or solutions is an expensive venture. This is even more so now that ransomware writers are beginning to use complicated methods that make getting to the original source code more difficult.
The researcher believes that a more general detection approach can be used to find a solution. It should be focused on the traits that all ransomware families share. This should help to shift the focus of research from samples to families. I collected metadata about the files that are read and written during ransomware attacks using easy and fast metrics and applied a qualitative mode of data collection. These attacks have a common pattern of attempting to encrypt all of the victims' data. Encrypted files have a significant increase in entropy while the data size remains relatively unchanged. These characteristics can also be seen in normal user behaviour, such as when a user encrypts a file. As a result, we must allow encryption while also imposing a frequency limit to ensure that regular user traffic does not result in false positives.
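The detection idea described above (entropy rises sharply while file size stays roughly the same, with a frequency limit so that a single user encrypting a file is not flagged) can be sketched as follows. This is an added example, not code from the paper; the thresholds, the per-client sliding window, the client names and the sample data are all constructed assumptions.

```python
import math
import random
from collections import Counter, deque

# All thresholds below are assumed values for illustration, not from the paper.
HIGH_ENTROPY = 7.5     # bits/byte; ciphertext is close to 8
ENTROPY_JUMP = 2.0     # minimum rise from the data read to the data written
SIZE_TOLERANCE = 0.10  # written size must stay within 10% of the original
MAX_EVENTS = 3         # encrypt-like rewrites allowed per client per window
WINDOW_SECONDS = 10.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when entropy jumps to ciphertext levels while size barely changes."""
    if not before or not after:
        return False
    size_ok = abs(len(after) - len(before)) / len(before) <= SIZE_TOLERANCE
    e_after = shannon_entropy(after)
    jump = e_after - shannon_entropy(before)
    return size_ok and e_after >= HIGH_ENTROPY and jump >= ENTROPY_JUMP

class RateLimitedDetector:
    """Alerts only when one client exceeds MAX_EVENTS rewrites in the window."""
    def __init__(self):
        self.hits = {}  # client id -> deque of event timestamps (seconds)

    def observe(self, client: str, ts: float, before: bytes, after: bytes) -> bool:
        if not looks_encrypted(before, after):
            return False
        q = self.hits.setdefault(client, deque())
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:  # drop events older than the window
            q.popleft()
        return len(q) > MAX_EVENTS

def run_constructed_trace():
    """Constructed data: one user encrypting a file vs. a burst of rewrites."""
    plain = b"Quarterly report: revenue, costs and forecast.\n" * 100
    rng = random.Random(1)  # seeded stand-in for ciphertext
    cipher = bytes(rng.getrandbits(8) for _ in range(len(plain)))
    det = RateLimitedDetector()
    single = det.observe("user-pc", 0.0, plain, cipher)
    burst = [det.observe("infected-pc", float(t), plain, cipher) for t in range(5)]
    return single, burst
```

The size check is what separates encryption from compression in this sketch: compressed output also has high entropy, but its size differs from the original by far more than the tolerance.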
Table of Contents
Acknowledgements
1.0 ABSTRACT
2.0 INTRODUCTION
3.0 LITERATURE REVIEW
3.1 Ransomware comes in a variety of forms.
3.2 Phases of Ransomware
3.3 An attack channel for ransomware
3.4 The Ransomware Process
4.0 Research Question
4.1 Is it possible to detect ransomware on a network that is using the samba protocol?
5.0 METHODOLOGY
5.1 Sampling method
6.0 RESEARCH FINDINGS
6.1 Dependability and validity
7.0 DISCUSSION
8.1 Preventive Measures
8.2 Email etiquette
8.3 Advanced monitoring and recognition
8.4 Disaster recovery and backups
9.0 CONCLUSION
10.0 REFERENCES
- Quote paper
- Rhoda Kariuki (Author), 2023, Critical Analysis of Ransomware in Relation to Cybercrime, Munich, GRIN Verlag, https://www.grin.com/document/1375124