Ransomware prevention using moving target defense based approach

Abstract

Over the past decade, there has been a rapidly rising trend of malware (ransomware) that limits user access by encrypting the data and demanding the ransom against the decryption key. In most cases, such encryption may lead to a permanent data loss. In order to prevent this unwanted encryption, we propose a method based on Moving Target Defense (MTD) approach. Our method is based on the alteration of the attack surface to reduce the attack success ratio. We have used multiple layers of MTD. The first layer generates random extensions that hide the existing known file extensions. This will protect user files against those ransomware variants which encrypt files having some specific extensions. Our second layer of protection uses event-based MTD in which tasks are scheduled to change file extensions at the occurrence of specific events which mostly occur due to the execution of ransomware in the system. As a result of our proposed method, we have successfully protected user files against well-known ransomware variants such as WannaCry, Cerber, Locky, Tesla, Revil, Bitlocker, Darkside, Ranzy.