1. This kind of ransomware attack can be called a Denial of Service attack, since the legitimate user is deprived of working on his files or performing any other activities until a particular code is texted to an SMS provider who charges the user high-end rates. Sometimes the attack appears to come from legal authorities or from the user’s OS operators. The victim can be asked to pay via online payment systems. These kinds of attacks do not generally damage the files inside the system. Below is the image of one such kind of ransomware that we developed.
2. Another type of ransomware might or might not lock access to the system but will encrypt all personal, vital and important data. Since the malware is built on complicated encryption algorithms, it is difficult to decrypt the data and regain access without paying the attacker a hefty ransom to obtain the decryption key. These variants might also delete files.
3. This type of ransomware is believed to be the most dangerous because, in addition to the above two damages, it also infects the booting mechanism of an operating system.
The victim then follows the instructions that the ransom note provides on switching on the system.
When these types of malware enter a device, it is often difficult to detect them and respond in time, since a good number of upgraded and differentiated variants come into existence every day, each of which portrays different behavior. This makes it difficult to design a tool that can resist something that changes its characteristics rapidly and behaves differently every time. Moreover, it is difficult to differentiate them from other safe software that sometimes behaves the way a ransomware infection would. In our work, the focus is on detecting the files causing the first and second types of ransomware attacks.
Therefore, in this work, contributions have been made towards:
1. Identifying four indicators: All these indicators were identified on the basis of ransomware behavior towards a system containing files.
Each of these indicators was designed to analyze a particular conduct, in terms of finding destructive content in target files/source code or analyzing the type of files. Other indicators aim to keep a check on data integrity, uncommon read/write behaviors and file deletions. Each of these indicators will be explained in the next section.
2. Protect from unseen malware attacks: Because of the use of more dynamic Machine Learning techniques, with their classification and prediction models, it is now easier to immediately detect any type of malware that the system has not experienced before.
3. Minimizing the amount of data loss: When all these indicators are made to work together, they will be able to alert the user at an early stage to annoying activities as they come into existence, and also to what is causing them on the system.
4. Safely differentiate between benign and harmful files: After the files are checked for harmful content or destructive actions on the user’s file system, which trigger these indications accordingly, the files can be further classified into the ‘safe’ or ‘unsafe’ category by using a classification algorithm (hypothesis testing) and giving control to the user to review each file’s contents before it is classified.