Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares

Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares

Ransomwares have become a growing threat in recent years, and this situation continues to worsen. It rose awareness on a particular class of malwares which extort a ransom in exchange for a captive asset. Most widespread ransomwares make an intensive use of data encryption. Basically, they encrypt various files on victim’s hard drives, removable drives and mapped network shares before asking for a ransom to get the files decrypted. In this paper, at first we propose a comprehensive ransomware taxonomy. Then, based on this taxonomy and according to a principal feature which we discovered in high survivable ransomwares (HSR) in the key exchange protocol step, we present a novel approach for detecting high survivable ransomwares and preventing them from encrypting victim’s data. Experimental evaluation demonstrates that our framework can detect variants of recent dangerous ransomwares.