No Random, No Ransom: A Key to Stop Cryptographic Ransomware

Interdisciplinary Research Group in Socio-technical Cybersecurity

Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan
Abstract:
To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized applications that call them. Our strategy, tested against 524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses.
Publication date:
2018
Published in:
Lecture Notes in Computer Science
Reference:
Genç, Z. A., Lenzini, G., & Ryan, P. Y. (2018, June). No random, no ransom: a key to stop cryptographic ransomware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 234-255). Springer, Cham.
