Ricerc@Sapienza

Ransomware attacks have historically caused significant disruption and financial loss to various organizations, both large and small. Despite its simplicity, ransomware can derive a significant revenue stream for its authors and maintainers, revenue amounting to 8 billions US dollars in 2018. It is occasionally claimed that regular backups are enough to thwart this class of attacks. However, it should be noted that backups are only effective if performed frequently, kept fully separated from the production network, and made readily available in the case of an incident. Indeed, actual accidents have shown that backups may not be of help if these conditions are not met. Even companies with state-of-the-art recovery plans have had their IT infrastructure rendered unusable by ransomware. Recent approaches propose to overcome the issue by combining fast techniques for detection of ransomware processes with file-system drivers which can rollback changes that a ransomware process may be able to make before being detected. However, as these detection techniques are based on heuristics or machine learning models, they may be vulnerable to evasion attacks. In this project we aim to evaluate the feasibility of such attacks and focus on creating stronger and more robust defense techniques against ransomware attacks.