Crypto Ransomware Detection on Windows Operating System
Wira Z. A. Zakaria (1), Mohd Faizal Abdullah (2), Othman Mohd (3), Aswami Ariffin (4), Ng Thiam Tet (5)
(1) Wira Z. A. Zakaria, MyCERT, Cybersecurity Malaysia, Cyberjaya, Selangor, Malaysia.
(2) Mohd Faizal Abdollah, Faculty of Information and Communication Technology, Universiti Teknikal Malaysia, Melaka, Hang Tuah Jaya, Melaka, Malaysia.
(3) Othman Mohd, Faculty of Information and Communication Technology, Universiti Teknikal Malaysia, Melaka, Hang Tuah Jaya, Melaka, Malaysia.
(4) Aswami Ariffin, Cybersecurity Malaysia, Cyberjaya, Selangor, Malaysia.
(5) Ng Thiam Tet, Faculty of Information and Communication Technology, Universiti Teknikal Malaysia, Melaka, Hang Tuah Jaya, Melaka, Malaysia.
Manuscript received on November 30, 2019. | Revised Manuscript received on December 30, 2019. | Manuscript published on December 30, 2019. | PP: 4070-4075 | Volume-9 Issue-2, December, 2019. | Retrieval Number: B4948129219/2019©BEIESP | DOI: 10.35940/ijeat.B4948.129219
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Crypto-ransomware is a kind of malware threat and one of the approaches frequently used by cybercriminals. Its effectiveness comes from its capability to hijack the victim's files and data by encrypting them entirely using sophisticated cryptographic libraries such as OpenSSL and the Microsoft Cryptography API. Through the ransom note left by the attacker on the infected machine, the victim is told to pay the demanded ransom to get the files back. New variants of ransomware are released from time to time, which makes detecting and analyzing them challenging and resource-consuming. The obfuscation and polymorphism employed in most modern malware make identifying it even harder. This research investigates the domain of detecting ransomware on a Windows-based platform. We review some of the related work done within this domain. We propose a framework for crypto-ransomware detection on the Windows-based platform that uses information such as API calls and registry information.
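The abstract states that the proposed framework draws on API-call and registry information; the paper's own feature set and classifier are not given on this page. The following is an added illustration, not the authors' framework: a small heuristic that scores a recorded API-call trace on three indicators (use of the Windows crypto APIs, mass modification of distinct files, and a write under the Run key) and flags a process only when the indicators co-occur. The trace format, the API groupings, the thresholds and all sample paths are assumptions made for this example.

```python
"""Illustrative heuristic that scores a recorded Windows API-call trace for
crypto-ransomware-like behaviour (added example, not the paper's framework).

Assumed trace format (an assumption, not from the paper): a list of
(api_name, argument) tuples, where the argument is the file path, registry
key path or other string the monitoring layer resolved for that call.
"""
from dataclasses import dataclass, field

# Illustrative API groupings: the names are real Windows APIs, but the sets
# themselves are an assumption for this example, not the paper's feature list.
CRYPTO_APIS = {"CryptAcquireContextW", "CryptGenKey", "CryptEncrypt",
               "CryptImportKey", "BCryptEncrypt"}
FILE_MODIFY_APIS = {"WriteFile", "MoveFileExW", "DeleteFileW"}
REG_WRITE_APIS = {"RegSetValueExW", "RegSetValueW"}
RUN_KEY = r"software\microsoft\windows\currentversion\run"


@dataclass
class Verdict:
    crypto_calls: int
    files_modified: int
    run_key_persistence: bool
    score: int
    suspicious: bool
    reasons: list = field(default_factory=list)


def score_trace(trace, file_threshold=20, flag_at=3):
    """Count the three indicators and combine them into a score.

    - any call into the crypto APIs              -> +1
    - distinct files modified >= file_threshold  -> +2 (mass modification)
    - a write under a Run key                    -> +1 (persistence)
    A trace is flagged when the score reaches flag_at (default 3), so no
    single indicator is enough on its own.
    """
    crypto_calls = 0
    files = set()
    persistence = False
    for api, arg in trace:
        if api in CRYPTO_APIS:
            crypto_calls += 1
        elif api in FILE_MODIFY_APIS:
            files.add(arg.lower())
        elif api in REG_WRITE_APIS and RUN_KEY in arg.lower():
            persistence = True

    score, reasons = 0, []
    if crypto_calls:
        score += 1
        reasons.append(f"{crypto_calls} crypto API call(s)")
    if len(files) >= file_threshold:
        score += 2
        reasons.append(f"{len(files)} distinct files modified")
    if persistence:
        score += 1
        reasons.append("Run-key persistence written")
    return Verdict(crypto_calls, len(files), persistence, score,
                   score >= flag_at, reasons)


def ransomware_like_trace(n_files=30):
    """Constructed sample: key setup, then encrypt/overwrite/rename per file,
    then a Run-key entry. Paths and values are made up for the example."""
    trace = [("CryptAcquireContextW", "Microsoft Enhanced RSA and AES Cryptographic Provider"),
             ("CryptGenKey", "CALG_AES_256")]
    for i in range(n_files):
        path = rf"C:\Users\victim\Documents\report_{i}.docx"
        trace += [("CryptEncrypt", path), ("WriteFile", path),
                  ("MoveFileExW", path + ".locked")]
    trace.append(("RegSetValueExW",
                  r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"))
    return trace


def backup_tool_trace(n_files=30):
    """Constructed sample of a benign bulk writer: many files, no crypto
    calls, no persistence. Should not be flagged."""
    return [("WriteFile", rf"D:\backup\2019-12\report_{i}.docx")
            for i in range(n_files)]


def browser_trace():
    """Constructed sample: one TLS-related encrypt call and two cache
    writes. Should not be flagged."""
    return [("BCryptEncrypt", "tls-record"),
            ("WriteFile", r"C:\Users\victim\AppData\Local\cache\f01"),
            ("WriteFile", r"C:\Users\victim\AppData\Local\cache\f02")]


if __name__ == "__main__":
    for name, t in [("ransomware-like", ransomware_like_trace()),
                    ("backup tool", backup_tool_trace()),
                    ("browser", browser_trace())]:
        v = score_trace(t)
        print(f"{name:16s} score={v.score} flagged={v.suspicious} {v.reasons}")
```

The point of the scoring is the one the abstract makes about combining API-call and registry evidence: a backup tool touches many files and a browser calls the crypto API, yet neither reaches the flag threshold, while a trace that shows all three behaviours together does. In a real deployment the trace would come from a user-mode hook or sandbox, the thresholds would be tuned against benign baselines, and the rename-to-new-extension pattern would be a fourth indicator worth counting.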
Keywords: Crypto ransomware, ransomware, ransomware classification, Windows ransomware detection