A Ransomware Classification Framework Based on File-Deletion and File-Encryption Attack Structures

by Aaron Zimba, et al.

Ransomware has emerged as an infamous class of malware that has not escaped myths and inaccuracies arising from media hype. Victims, without fully understanding the lurking consequences, are not sure whether or not to pay a ransom demand. In this paper, we present a ransomware classification framework based on file-deletion and file-encryption attack structures that provides a deeper comprehension of potential flaws and inadequacies exhibited in ransomware. We formulate a threat and attack model representative of a typical ransomware attack process, from which we derive the ransomware categorization framework based on a proposed classification algorithm. The framework classifies the virulence of a ransomware attack, which entails the overall effectiveness of potential ways of recovering the attacked data without paying the ransom demand as well as the technical prowess of the underlying attack structures. Results of the categorization, in increasing severity from CAT1 through to CAT5, show that many ransomware strains exhibit flaws in their implementation of encryption and deletion attack structures, which make data recovery possible without paying the ransom. The most severe categories, CAT4 and CAT5, are better mitigated by exploiting encryption essentials, while CAT3 can be effectively mitigated via reverse engineering. CAT1 and CAT2 are not common and are easily mitigated without any decryption essentials.

