Detection and prevention of crypto-ransomware

• Published in: UEMCON : 2017 IEEE 8th annual Ubiquitous Computing, Electronics and Mobile Communication Conference : 19-21 October 2017 pp. 472 - 478
• Main Authors: Gonzalez, Daniel, Hayajneh, Thaier
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2017
• Subjects: Bitcoin; Crypto-Ransomware; Cryptographic Ransomware (CGR); Domain Generated Algorithm (DGA); Electronic mail; Elliptic curve cryptography; Encryption; Malware; Payloads; Private-key cryptosystem ransomware; Servers
• DOI: 10.1109/UEMCON.2017.8249052

Crypto-ransomware is a challenging threat that ciphers a user's files while hiding the decryption key until a ransom is paid by the victim. This type of malware is a lucrative business for cybercriminals, generating millions of dollars annually. The spread of ransomware is increasing as traditional detection-based protection, such as antivirus and anti-malware, has proven ineffective at preventing attacks. Additionally, this form of malware is incorporating advanced encryption algorithms and expanding the number of file types it targets. Cybercriminals have found a lucrative market and no one is safe from being the next victim. Encrypting ransomware targets business small and large as well as the regular home user. This paper discusses ransomware methods of infection, technology behind it and what can be done to help prevent becoming the next victim. The paper investigates the most common types of crypto-ransomware, various payload methods of infection, typical behavior of crypto ransomware, its tactics, how an attack is ordinarily carried out, what files are most commonly targeted on a victim's computer, and recommendations for prevention and safeguards are listed as well.