No Random, No Ransom: A Key to Stop Cryptographic Ransomware
English
Genç, Ziya Alper[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Lenzini, Gabriele[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Ryan, Peter[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2018
Proceedings of the 15th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Springer
234-255
Yes
No
International
978-3-319-93410-5
Cham
Switzerland
15th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2018)
[en] To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized applications that call them. Our strategy, tested against
524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Researchers ; Professionals ; Students ; General public ; Others
[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
