nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Redemption: Real-Time Protection Against Ransomware at End-Hosts

verfasst von : Amin Kharraz, Engin Kirda

Erschienen in: Research in Attacks, Intrusions, and Defenses

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Ransomware is a form of extortion-based attack that locks the victim’s digital resources and requests money to release them. The recent resurgence of high-profile ransomware attacks, particularly in critical sectors such as the health care industry, has highlighted the pressing need for effective defenses. While users are always advised to have a reliable backup strategy, the growing number of paying victims in recent years suggests that an endpoint defense that is able to stop and recover from ransomware’s destructive behavior is needed.

In this paper, we introduce Redemption, a novel defense that makes the operating system more resilient to ransomware attacks. Our approach requires minimal modification of the operating system to maintain a transparent buffer for all storage I/O. At the same time, our system monitors the I/O request patterns of applications on a per-process basis for signs of ransomware-like behavior. If I/O request patterns are observed that indicate possible ransomware activity, the offending processes can be terminated and the data restored.

Our evaluation demonstrates that Redemption can ensure zero data loss against current ransomware families without detracting from the user experience or inducing alarm fatigue. In addition, we show that Redemption incurs modest overhead, averaging 2.6% for realistic workloads.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Lens on the Endpoint: Hunting for Malicious Software Through Endpoint Data Analysis

Nächstes Kapitel ILAB: An Interactive Labelling Strategy for Intrusion Detection

Nur mit Berechtigung zugänglich

Minotaur Analysis - Malware Repository. minotauranalysis.com/

Malware Tips - Your Security Advisor. http://malwaretips.com/forums/virus-exchange.104/

MalwareBlackList - Online Repository of Malicious URLs. http://www.malwareblacklist.com

A brief demo on how Redemption operates (2016). https://www.youtube.com/watch?v=iuEgFVz7a7g

AutoIt (2016). https://www.autoitscript.com/site/autoit/

IOzone Filesystem Benchmark (2016). www.iozone.org

Ajjan, A.: Ransomware: Next-Generation Fake Antivirus (2013). http://www.sophos.com/en-us/medialibrary/PDFs/technicalpapers/SophosRansomwareFakeAntivirus.pdf

Hern, A.: Major sites including New York Times and BBC hit By Ransomware Malvertising (2016). https://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising

Hern, A.: Ransomware threat on the rise as almost 40 percent of bussinesses attacked (2016). https://www.theguardian.com/technology/2016/aug/03/ransomware-threat-on-the-rise-as-40-of-businesses-attacked

10.

Dalton, A.: Hospital paid 17K ransom to hackers of its computer network (2016). http://bigstory.ap.org/article/d89e63ffea8b46d98583bfe06cf2c5af/hospital-paid-17k-ransom-hackers-its-computer-network

11.

BBC News. University pays 20,000 Dollars to ransomware hackers (2016). http://www.bbc.com/news/technology-36478650

12.

Osborne, C.: Researchers launch another salvo at CryptXXX ransomware (2016). http://www.zdnet.com/article/researchers-launch-another-salvo-at-cryptxxx-ransomware/

13.

Francescani, C.: Ransomware Hackers Blackmail U.S. Police Departments (2016). http://www.cnbc.com/2016/04/26/ransomware-hackers-blackmail-us-police-departments.html

14.

Mannion, C.: Three U.S. Hospitals Hit in String of Ransomware Attacks (2016). http://www.nbcnews.com/tech/security/three-u-s-hospitals-hit-string-ransomware-attacks-n544366

15.

Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., Maggi, F.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347. ACM (2016)

16.

Whitcomb, D.: California lawmakers take step toward outlawing ransomware (2016). http://www.reuters.com/article/us-california-ransomware-idUSKCN0X92PA

17.

Dell SecureWorks. University of Calgary paid 20K in ransomware attack (2016). http://www.cbc.ca/news/canada/calgary/university-calgary-ransomware-cyberattack-1.3620979

18.

Gazet, A.: Comparative analysis of various ransomware virii. J. Comput. Virol. 6, 77–90 (2010)CrossRef

19.

Wolf, G.: 8 High Profile Ransomware Attacks You May Not Have Heard Of (2016). https://www.linkedin.com/pulse/8-high-profile-ransomware-attacks-you-may-have-heard-gregory-wolf

20.

Zremski, J.: New York Senator Seeks to Combat Ransomware (2016). http://www.govtech.com/security/New-York-Senator-Seeks-to-Combat-Ransomware.html

21.

Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: A large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (2016)

22.

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the Gordian Knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3–24. Springer, Cham (2015). doi:10.1007/978-3-319-20550-2_1 CrossRef

23.

Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 599–611. ACM, New York (2017)

24.

Abrams, L.: TeslaCrypt Decrypted: flaw in TeslaCrypt allows Victim’s to Recover their Files (2016). http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-teslacrypt-allows-victims-to-recover-their-files/

25.

Lin, J.: Divergence measures based on the shannon entropy. IEEE Trans. Inform. Theory 37, 145–151 (1991)MathSciNetCrossRefMATH

26.

Malware Don’t Need Coffee. Guess who’s back again? Cryptowall 3.0 (2015). http://malware.dontneedcoffee.com/2015/01/guess-whos-back-again-cryptowall-30.html

27.

Microsoft, Inc. Blocking Direct Write Operations to Volumes and Disks. https://msdn.microsoft.com/en-us/library/windows/hardware/ff551353(v=vs.85).aspx

28.

Microsoft, Inc. Protecting Anti-Malware Services (2016). https://msdn.microsoft.com/en-us/library/windows/desktop/dn313124(v=vs.85).aspx

29.

Ms. Smith. Kansas Heart Hospital hit with ransomware; attackers demand two ransoms (2016). http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html

30.

No-More-Ransomware Project. No More Ransomware! (2016). https://www.nomoreransom.org/about-the-project.html

31.

Scaife, N., Carter, H., Traynor, P., Butler, K.R.: CryptoLock (and Drop It): stopping ransomware attacks on user data. In: IEEE International Conference on Distributed Computing Systems (ICDCS) (2016)

32.

O’Gorman, G., McDonald, G.: Ransomware: A Growing Menance (2012). http://www.symantec.com/connect/blogs/ransomware-growing-menace

33.

Symantec, Inc. Internet Security Threat Report (2014). http://www.symantec.com/security_response/publications/threatreport.jsp

34.

TrendLabs. An Onslaught of Online Banking Malware and Ransomware (2013). http://apac.trendmicro.com/cloud-content/apac/pdfs/security-intelligence/reports/rpt-cashing-in-on-digital-information.pdf

35.

WIRED Magazine. Why Hospitals Are the Perfect Targets for Ransomware (2016). https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/

Titel: Redemption: Real-Time Protection Against Ransomware at End-Hosts
verfasst von: Amin Kharraz
Engin Kirda
Verlag: Springer International Publishing
Buch: Research in Attacks, Intrusions, and Defenses
Print ISBN: 978-3-319-66331-9

Electronic ISBN: 978-3-319-66332-6

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-66332-6_5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"