RansomCare: Data-centric detection and mitigation against smartphone crypto-ransomware

Abstract

Ransomware has presented itself as one of the most critical computer threats in the past few years. Along with the increase of user’s data on portable devices, ransomware has also vastly targeted smartphones. In this paper, we present RansomCare, a data-centric detection and mitigation method against smartphone crypto-ransomware. RansomCare can detect and neutralize crypto-ransomware in real-time on smartphones employing dynamic and lightweight static analysis. It is capable of recovering user’s lost files while preserving data privacy, thanks to its backup before modification or deletion. Our solution mainly relies on the structure of the user’s data and data entropy for the detection of crypto-ransomware. We assessed RansomCare on two datasets of recent smartphone crypto-ransomware and performed experiments to evaluate its detection time, accuracy, and performance overhead. We also compared our work with some state-of-the-art commercial and academic solutions. The results reveal that RansomCare is capable of fast detection of crypto-ransomware on smartphones with high accuracy and zero data loss.