A Ransomware Classification Framework Based on File-Deletion and File-Encryption Attack Structures

by   Aaron Zimba, et al.

Ransomware has emerged as an infamous malware that has not escaped a lot of myths and inaccuracies from media hype. Victims are not sure whether or not to pay a ransom demand without fully understanding the lurking consequences. In this paper, we present a ransomware classification framework based on file-deletion and file-encryption attack structures that provides a deeper comprehension of potential flaws and inadequacies exhibited in ransomware. We formulate a threat and attack model representative of a typical ransomware attack process from which we derive the ransomware categorization framework based on a proposed classification algorithm. The framework classifies the virulence of a ransomware attack to entail the overall effectiveness of potential ways of recovering the attacked data without paying the ransom demand as well as the technical prowess of the underlying attack structures. Results of the categorization, in increasing severity from CAT1 through to CAT5, show that many ransomwares exhibit flaws in their implementation of encryption and deletion attack structures which make data recovery possible without paying the ransom. The most severe categories CAT4 and CAT5 are better mitigated by exploiting encryption essentials while CAT3 can be effectively mitigated via reverse engineering. CAT1 and CAT2 are not common and are easily mitigated without any decryption essentials.



There are no comments yet.


page 1

page 2

page 3

page 4


An efficient structural attack on NIST submission DAGS

We present an efficient key recovery attack on code based encryption sch...

Fight Virus Like a Virus: A New Defense Method Against File-Encrypting Ransomware

Nowadays ransomware has become a new profitable form of attack. This typ...

SoK: Untangling File-based Encryption on Mobile Devices

File-based encryption (FBE) schemes have been developed by software vend...

A deep learning based known plaintext attack method for chaotic cryptosystem

In this paper, we propose a known-plaintext attack (KPA) method based on...

APEX: Adaptive Ext4 File System for Enhanced Data Recoverability in Edge Devices

Recently Edge Computing paradigm has gained significant popularity both ...

A Novel Approach for Attack Tree to Attack Graph Transformation: Extended Version

Attack trees and attack graphs are both common graphical threat models u...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.