Hiding in the Crowd: Ransomware Protection by Adopting Camouflage and Hiding Strategy With the Link File

Soohan Lee, Suhyeon Lee, Jiwon Park, Kyoungmin Kim, Kyungho Lee

Research output: Contribution to journal › Article › peer-review

Abstract

Ransomware is a growing threat and is building ecosystems in the form of ransomware as a service (RaaS). While there have been diverse efforts to detect and mitigate such threats, techniques to bypass such countermeasures have advanced considerably. Since detecting all evolving threats has become challenging, there is a growing interest in developing proactive countermeasures that can minimize the damage even in environments where ransomware has already been executed. In this study, we gained insights from an attacker's perspective by analyzing ransomware such as LockBit and derived a generic counterstrategy against features that are common in ransomware attacks. Our proposed method protects critical files from existing ransomware by applying a hiding strategy that poses a challenge to attackers in finding the target files. We also present best practices for implementing the strategy using the link file while considering both security and usability, and we improve the method through the addition of a linker and encrypted database to reduce the attack surface. By using real-world ransomware samples, our experiments show that the proposed method successfully protects valuable files against ransomware in a cost-effective manner.

Original language: English
Pages (from-to): 92693-92704
Number of pages: 12
Journal: IEEE Access
Volume: 11
Publication status: Published - 2023

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • avoidance mechanism
  • Cybersecurity
  • malware analysis
  • ransomware

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)
