Abstract

Crypto-ransomware is a type of malware threat and one of the approaches frequently used by cybercriminals. This is due to its capability to hijack the victim’s files and data by fully encrypting them using sophisticated cryptographic libraries such as OpenSSL and the Microsoft Cryptography API. In the ransom note left by the attacker on the infected machine, the victim is told to make the requested payment to get the files back. New variants of ransomware are released from time to time, which makes the task of detecting and analyzing them challenging and resource-consuming. The obfuscation and polymorphism employed in most modern malware make the task of identifying it even harder. This research investigates the domain of detecting ransomware on a Windows-based platform. We reviewed some of the related work done within this domain. In this research work, we proposed a framework for crypto-ransomware detection on the Windows-based platform that uses information such as API calls and the registry.
