Interactive Security of Ransomware with Heuristic Random Bit Generator

Abstract

Nowadays internet is an important part of our life but we should use it carefully because so many cyber threats are there in web. One of crucial attack is ransomware attack. In 1995, the basic concept of ransomware was introduced as a cryptovirus. Nevertheless, since then, it has been considered for more than a decade merely a philosophic topic. Throughout 2017, Ransomware came to life, with many popular ransomware incidents targeting critical computer systems around the world. For starters, the damage caused by CryptoLocker and WannaCry is massive and worldwide. We encrypt the data of criminals which need an enormous amount of money in order to decrypt them. The key to recover cannot be found on the victim’s system ransomware footprint as they use public key encryption. Consequently, after being damaged, the system cannot be replaced without recovery costs. Antivirus researchers and network security experts have developed various methods to counter this risk. Nevertheless, cryptographic security is assumed to be infeasible because it is computationally as difficult to recover the files of a victim as breaking a public key cryptosystem. Recently, various techniques have been suggested to protect an OS’ crypto-API from malicious codes. Almost all ransomware uses the random number generation services offered by the victim’s operating system to develop encryption keys. Therefore, if a user can monitor all the random numbers created by the program, he/she will be able to recover the random numbers used during encryption key by the ransomware. We suggest a flexible ransomware security approach in this paper which substitutes the OS’ random number generator with a user-defined random number generator. Given that the proposed method causes the virus program to generate keys based on the user-defined generator output, an infected file system can be recovered by reproducing the attacker’s keys used to perform the encryption.