METHOD FOR DETECTION OF RANSOMWARE CYBER THREATS BASED ON HONEYPOT: STATE-OF-ART

Abstract

The work presents the research of the methods for detecting cyber threats such as Ransomware based on the use of Honeypot. Today, lack of awareness allows attacks to bypass basic security mechanisms, security vulnerabilities in the IT systems of small and large corporations are increasingly being used to cause business failures. The cyberattackscontinue to expand rapidly as cybercriminals constantly bypass the security tools developed and implemented by organizations. The purpose of attacks is increasingly data that is critical to both individuals and organizations. Attackers use capabilitiesthat can help them seize control of valuable data to demand a ransom from the data owner. Ransomware is a form of malware that infects a computer or multiple computers over a network by encrypting files and folders, making them unusable. The users are then asked to make a ransom. Ransomware is not a new threat, but its use is growing rapidly and causing large financial losses in the world. This is a serious challenge for cybersecurity analysts because typical ransomware is not detected by antivirus software due to its polymorphic nature. There was a sudden surge in extremely dangerous ransomware attacks that harmed most companies and individuals. Ransomware poses a great threat and must be fought at a global level. There is a lack of comprehensive analysis to cover the security issues of individual users and corporations. Ransomware avoidance methods are the most effective and require special attention as the reduction and recovery of ransomware becomes increasingly difficult. The task arises to investigate the effectiveness of known methods in order to assess and identify their advantages and disadvantages, which will allow in the future to develop and implement new effective methods and means of combating Ransomware-type SPZ based on the use of Honeypot. The study shows that because malware is automated and targets any location arbitrarily, placing the bait anywhere to detect activity is an improvement over the lack of monitoring at all. Experimental studies indicate a high reliability of the proposed methods, in particular the reliability of the detection of cyber threats of the Ransomware type, but the insufficient adaptability of these methods in the evolution of the malware.