1. This kind of ransomware attack can be called a Denial of Service attack, since the legitimate user of the system is locked out from accessing their files or performing any other activities until a particular code is texted to an SMS provider, which charges the user at premium rates. Sometimes the attack is presented as if it came from a legal authority or from the vendor of the user's operating system. The victim may be asked to pay via online payment systems. Attacks of this kind do not generally damage the files inside the system. Below is the image of one such ransomware that we
2. Another type of ransomware may or may not lock access to the system, but encrypts all personal or vital files and folders of the victim. Since the malware uses strong encryption algorithms, it is difficult to decrypt the files without paying the attacker a hefty ransom to obtain the decryption key. Sometimes such ransomware deletes files as well.
3. This type of ransomware is believed to be the most dangerous because, in addition to the two kinds of damage above, it also infects the boot mechanism of the operating system. On switching on the system, the victim is then left to follow the instructions that the ransom note provides.
When these types of malware enter a computer system, it is often difficult to detect them and respond in time, since many new variants are designed every day, each of which exhibits different behavior. This makes it difficult to design a tool that could resist something that changes its characteristics rapidly and behaves differently every time. Moreover, it is difficult to differentiate them from benign software that sometimes behaves the way a ransomware infection would. In our work, the focus is on detecting the files causing the first and second type of Ransomware
Therefore, in this work contributions have been made towards:
1. Identifying four indicators: All these indicators were identified on the basis of how different ransomware behaves on a file system. Each indicator was designed to analyze a particular kind of conduct: finding destructive content in target files or source code, or analyzing the type of files. The other indicators keep a check on data integrity, uncommon read/write behavior and file deletions. Each of these indicators is explained in the next section.
2. Protecting from unseen malware attacks: Because of the use of more dynamic Machine Learning techniques, with their classification and prediction models, it is now easier to immediately detect any type of malware that the system has not
3. Minimizing the amount of data loss: When all these indicators are made to work together, they will be able to alert the user at an early stage of any harmful activity being carried out, and also of who is causing that to the
4. Safely differentiating between benign and harmful files: After the files are checked for harmful content or destructive actions on the user's file system, which trigger these indicators accordingly, the files can be further classified into a 'safe' or 'unsafe' category by using a classification algorithm (hypothesis testing), while giving the user control to review the contents before each file is classified.
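As an added illustration (not code from the paper), the following Python script computes the four indicators just listed over a constructed burst of file-system events: file-type mismatch via magic bytes, integrity change via SHA-256 against a baseline, encryption-like writes via byte entropy, and deletions. The magic-byte table, the 7.5 bits-per-byte threshold and the two-indicator verdict rule are assumptions chosen for the example.

```python
import hashlib
import math
from collections import Counter

# Magic-byte signatures for a few common types (constructed table; extend as needed).
MAGIC = {".png": b"\x89PNG", ".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
INDICATORS = ("type_mismatch", "integrity_changed", "high_entropy_writes", "deletions")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the content; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def type_mismatch(path: str, data: bytes) -> bool:
    """File-type indicator: contents no longer match what the extension claims."""
    ext = path[path.rfind("."):].lower() if "." in path else ""
    sig = MAGIC.get(ext)
    return sig is not None and not data.startswith(sig)

def evaluate(events, baseline, entropy_threshold=7.5):
    """Run the four indicators over a burst of file-system events.

    events:   list of dicts {op: 'write'|'delete', path: str, data: bytes (writes only)}
    baseline: dict path -> SHA-256 hex of the last known-good content (integrity check)
    Returns per-indicator counts and a 'suspicious' verdict (assumed rule: >= 2 fire).
    """
    r = dict.fromkeys(INDICATORS, 0)
    for ev in events:
        if ev["op"] == "delete":
            r["deletions"] += 1
            continue
        data = ev["data"]
        r["type_mismatch"] += type_mismatch(ev["path"], data)
        r["high_entropy_writes"] += shannon_entropy(data) >= entropy_threshold
        known = baseline.get(ev["path"])
        r["integrity_changed"] += known is not None and hashlib.sha256(data).hexdigest() != known
    r["suspicious"] = sum(1 for k in INDICATORS if r[k] > 0) >= 2
    return r

def demo():
    """Constructed scenario: an image is overwritten with random-looking bytes, then a backup is deleted."""
    original = b"\x89PNG\r\n\x1a\n" + b"pixels" * 50
    baseline = {"photo.png": hashlib.sha256(original).hexdigest()}
    encrypted_like = bytes(range(256)) * 4  # every byte value equally frequent: entropy 8.0
    events = [{"op": "write", "path": "photo.png", "data": encrypted_like},
              {"op": "delete", "path": "photo.png.bak"}]
    return evaluate(events, baseline)
```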