2018 IEEE Third International Conference on Data Science in Cyberspace (DSC) (2018)
Jun 18, 2018 to Jun 21, 2018
Ransomware is a type of malware that encrypts data or locks a device to extort a ransom. Recently, a variety of high-profile ransomware attacks have been reported, and many ransomware defense systems have been proposed. However, none specializes in resisting untargeted attacks such as those by remote desktop protocol (RDP) attack ransomware. To resolve this problem, this paper proposes a way to combat RDP ransomware attacks by trapping and tracing. It discovers and ensnares the attacker through a network deception environment and uses an auxiliary tracing technology to find the attacker, finally achieving the goal of deterring the ransomware attacker and countering the RDP attack ransomware. Based on cyber deception, an auxiliary ransomware traceable system called RansomTracer is introduced in this paper. RansomTracer collects clues about the attacker by deploying monitors in the deception environment. Then, it automatically extracts and analyzes the traceable clues. Experiments and evaluations show that RansomTracer ensnares the adversary in the deception environment and improves the efficiency of clue analysis significantly. In addition, it is able to recognize the clues that identify the attacker and the screening rate reaches 98.34%.
computer crime, cryptography, Internet, invasive software, protocols
Z. Wang, X. Wu, C. Liu, Q. Liu and J. Zhang, "RansomTracer: Exploiting Cyber Deception for Ransomware Tracing," 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), Guangzhou, China, 2018, pp. 227-234.