Paper published in a book (Scientific congresses, symposiums and conference proceedings)
No Random, No Ransom: A Key to Stop Cryptographic Ransomware
Genç, Ziya Alper; Lenzini, Gabriele; Ryan, Peter
2018, in Proceedings of the 15th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Peer reviewed
 

Files


Full Text
dimva2018_GLR.pdf
Author postprint (458.3 kB)
Details



Keywords :
ransomware; cryptographic malware; randomness; mitigation
Abstract :
To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized applications that call them. Our strategy, tested against 524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines :
Computer science
Author, co-author :
Genç, Ziya Alper ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Lenzini, Gabriele ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Ryan, Peter ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
no
Language :
English
Title :
No Random, No Ransom: A Key to Stop Cryptographic Ransomware
Publication date :
2018
Event name :
15th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2018)
Event organizer :
CEA
Télécom SudParis
Event place :
Saclay, France
Event date :
28-29 June 2018
Audience :
International
Main work title :
Proceedings of the 15th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Publisher :
Springer, Cham, Switzerland
ISBN/EAN :
978-3-319-93410-5
Pages :
234-255
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 10 May 2018

Statistics


Number of views
470 (27 by Unilu)
Number of downloads
1136 (26 by Unilu)

Scopus citations®
21
Scopus citations® without self-citations
18
OpenCitations
11