Abstract: Ransomware is a type of malware that has become a significant threat to businesses and individuals, especially over the past few years. It encrypts the files on an infected system or network and demands a ransom, usually in the form of bitcoins, to unlock these files. Its damage costs are predicted to hit $11.5B by 2019. In an attempt to protect users' vital data from this attack, in this work we deployed more robust, efficient, accurate and newer technologies that can detect malicious activities on a system using five different indicators, which include analysing the user's data with data processing platforms such as Hadoop and R and with machine learning techniques.
These were tested with the aim of alerting the user before a significant amount of information is lost; that is, the approach narrows the data loss and also reduces the number of erroneous results by providing the user with details that can be used to flag it as either safe or unsafe.

II. Introduction:

There are many variants of ransomware, but they can be loosely classified into the following four categories:

1. SMS Ransomware: This type of ransomware locks your computer and displays a ransom message with a code. To unlock your computer, you are instructed to send the code via text message to a premium-rate SMS number to receive the corresponding unlock code.

2. Winlocker: This variant of ransomware also locks your computer, but it displays a more intimidating ransom message which appears to be from your local law enforcement agency. Unlike SMS ransomware, this kind instructs you to pay through an online payment system such as Ukash, Paysafecard, or Moneypak.

3. File Encryptors: This kind of ransomware can encrypt your personal files and folders using complex encryption algorithms to make your computer's data unusable. The malware author then demands that you pay for the decryption key using one of the online payment systems mentioned above. The ransomware often leaves a file (a "ransom note") on the victim's machine with payment instructions. This type of ransomware may or may not lock your screen.

4. MBR Ransomware: This is another popular variant of ransomware, but it goes one step further than the other three types mentioned above in terms of how the computer is locked. MBR ransomware can change your computer's Master Boot Record (MBR) and interrupt the normal boot process. The MBR is a partition on your computer's hard drive that allows the operating system to load and boot. When this ransomware strikes, the ransom message is displayed as soon as the computer is turned on, meaning that you do not get the chance to load the operating system to remove the infection and repair your system.
MBR ransomware may look scary, but this type of infection can easily be removed. The ransom message often says that the files have been encrypted, but in reality they are not.

Different types of ransomware
Why it is difficult to fight
What new have we done to tackle it

III. Background story:

How it spreads
How much financial damage/other damages it does
The conventional ways of tackling it

IV. Detection mechanism

Indicator-1

Malicious contents in a file.

Hadoop, a Java-based programming framework, has been used to analyse the contents of files in the documents directory and also the source code files of different software, looking for malicious code or instructions.
In this approach, the MapReduce algorithm was deployed on a set of input files consisting of XML files. A rigorous search for a string of particular words was made, which successfully detected the locations of malicious contents, specifying the file name and line number.

Indicator-2

This indicator helps in checking whether any unseen file is malicious or benign. In this approach, classification algorithms are deployed on a dataset to classify whether an incoming file is safe.

V. Implementation

VI. Scope of Improvement

Elastic search over a network
More unstructured data
Increase dynamicity
Faster and accurate

VII. Conclusion
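The MapReduce search described under Indicator-1, as an added example that is not the authors' code: the map, shuffle and reduce steps are simulated in-process in Python rather than run on Hadoop. The search terms, the sample XML files and all function names are constructed assumptions, since the page does not list the strings it searched for.

```python
import re
from collections import defaultdict

# Constructed search terms (assumption: the page does not list its own strings).
SUSPICIOUS_TERMS = ["your files have been encrypted", "bitcoin", "decryption key"]
PATTERN = re.compile("|".join(re.escape(t) for t in SUSPICIOUS_TERMS), re.IGNORECASE)

# Constructed sample input: file name -> XML content.
SAMPLE_FILES = {
    "settings.xml": "<config>\n  <theme>dark</theme>\n</config>\n",
    "readme.xml": (
        "<note>\n"
        "  <title>Your files have been encrypted</title>\n"
        "  <body>Send 1 Bitcoin to receive the decryption key.</body>\n"
        "</note>\n"
    ),
}


def map_phase(file_name, content):
    """Mapper: emit (term, (file_name, line_number)) for every match in a file."""
    for line_no, line in enumerate(content.splitlines(), start=1):
        for match in PATTERN.finditer(line):
            yield match.group(0).lower(), (file_name, line_no)


def shuffle(pairs):
    """Group mapper output by key, as the framework does between map and reduce."""
    grouped = defaultdict(list)
    for key, value in pairs:
        grouped[key].append(value)
    return grouped


def reduce_phase(term, locations):
    """Reducer: de-duplicate and sort the locations recorded for one term."""
    return term, sorted(set(locations))


def scan(files):
    """Run map, shuffle and reduce in-process; return {term: [(file, line), ...]}."""
    pairs = (kv for name, text in files.items() for kv in map_phase(name, text))
    return dict(reduce_phase(t, locs) for t, locs in shuffle(pairs).items())


if __name__ == "__main__":
    for term, locations in sorted(scan(SAMPLE_FILES).items()):
        for file_name, line_no in locations:
            print(f"{file_name}:{line_no}: {term}")
```

Keying the mapper output by search term lets the reducer report every file name and line number where that term occurs, which is the output the Indicator-1 description calls for.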