Name and title of the project proposer: 
sb_p_1958087
Year: 
2020
Abstract: 

Ransomware attacks have historically caused significant disruption and financial loss to organizations both large and small. Despite its simplicity, ransomware can generate a significant revenue stream for its authors and maintainers, amounting to 8 billion US dollars in 2018. It is occasionally claimed that regular backups are enough to thwart this class of attacks. However, backups are only effective if they are performed frequently, kept fully separated from the production network, and made readily available in the case of an incident. Indeed, actual incidents have shown that backups may not help if these conditions are not met. Even companies with state-of-the-art recovery plans have had their IT infrastructure rendered unusable by ransomware. Recent approaches propose to overcome the issue by combining fast techniques for detecting ransomware processes with file-system drivers that can roll back the changes a ransomware process may be able to make before being detected. However, as these detection techniques are based on heuristics or machine learning models, they may be vulnerable to evasion attacks. In this project we aim to evaluate the feasibility of such attacks and focus on creating stronger and more robust defense techniques against ransomware attacks.

ERC: 
PE6_11
PE6_5
PE6_7
Research group members: 
sb_cp_is_2473441
Innovativeness: 

Currently, no ransomware detection technique is robust to the attacks that we presented in [1].
This means that a ransomware detection technique that is robust both to the attacks presented in [1] and to all the traditional ransomware attacks would set a new state of the art in ransomware detection.
We would like to shift the behavioral monitoring of processes from the process-activity point of view to the resource point of view: we would like to model the behavior of processes in terms of how they access, modify, etc. the relevant files on the file system.
As another part of this project, we would like to study ransomware attacks on mobile operating systems such as Android and iOS, and build detection techniques that would prevent a massive spread on these widely deployed operating systems, which users increasingly rely on for their productivity.

[1] Fabio De Gaspari, Dorjan Hitaj, Giulio Pagnotta, Lorenzo De Carli, and Luigi V. Mancini. The Naked Sun: Malicious Cooperation Between Benign-Looking Processes. ACNS 2020: 18th International Conference on Applied Cryptography and Network Security.

Call code: 
1958087

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma