Crypto-ransomware aims at extorting money from users by encrypting their files and asking them to pay for the decryption key. We present Ranflood; a configurable drop-in solution that contrasts ransomware attacks with a deluge of decoy files at specific locations (e.g., sensitive folders of the user, the attack site), deceiving the attacker into encrypting sacrificial files. Ranflood further slows down the attack by contending with the malware access to IO and computation resources of the targeted machine. The aim is to buy time for the defence team to take action (e.g., manually shutting down an unresponsive machine). We show how the extensibility and modularity of Ranflood's software architecture (1) can accommodate a wide spectrum of flooding strategies, easing the process of improving its effectiveness also against future ransomware families and (2) strive to maximise the tool's efficiency by exploiting the highest level of parallelism afforded by the attacked machine
Berardi, D., Giallorenzo, S., Melis, A., Melloni, S., Prandini, M. (2024). Ranflood: A mitigation tool based on the principles of data flooding against ransomware. SOFTWAREX, 25, 1-6 [10.1016/j.softx.2023.101605].
Ranflood: A mitigation tool based on the principles of data flooding against ransomware
Berardi, Davide;Giallorenzo, Saverio;Melis, Andrea;Prandini, Marco
2024
Abstract
Crypto-ransomware aims at extorting money from users by encrypting their files and asking them to pay for the decryption key. We present Ranflood; a configurable drop-in solution that contrasts ransomware attacks with a deluge of decoy files at specific locations (e.g., sensitive folders of the user, the attack site), deceiving the attacker into encrypting sacrificial files. Ranflood further slows down the attack by contending with the malware access to IO and computation resources of the targeted machine. The aim is to buy time for the defence team to take action (e.g., manually shutting down an unresponsive machine). We show how the extensibility and modularity of Ranflood's software architecture (1) can accommodate a wide spectrum of flooding strategies, easing the process of improving its effectiveness also against future ransomware families and (2) strive to maximise the tool's efficiency by exploiting the highest level of parallelism afforded by the attacked machineFile | Dimensione | Formato | |
---|---|---|---|
softwarex2023.pdf
accesso aperto
Tipo:
Versione (PDF) editoriale
Licenza:
Licenza per Accesso Aperto. Creative Commons Attribuzione (CCBY)
Dimensione
569.27 kB
Formato
Adobe PDF
|
569.27 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.