A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization
This is my personal note about the paper. https://www.mdpi.com/2078-2489/15/1/46
Abstract
This paper proposes a holistic approach to ransomware classification that combines static analysis, dynamic analysis and visualization techniques.
- Static analysis: fast and accurate, but it only sees the file as stored on disk, so packing hides the features it depends on.
- Dynamic analysis: able to classify and cluster packed ransomware samples, because it observes what the code does after it has unpacked itself at runtime.
- Visualization: lets large ransomware datasets be classified and clustered in a more intuitive and effective way.
Contributions
- Comparative analysis of infection behaviors across various ransomware families.
- Utilization of data visualization methods for the identification of similar ransomware samples within extensive datasets.
- Employing a similarity matrix approach for the analysis of static and dynamic features in ransomware samples.
- Assessment of the merits and limitations associated with static and dynamic feature analysis.
- Comprehensive survey and comparative evaluation of varied ransomware detection approaches, alongside an in-depth exploration of the ransomware detection ecosystem.
- Development and proposal of an automated methodology for extracting diverse feature sets from ransomware samples.
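The similarity-matrix contribution and the automated feature-extraction contribution above, together with the static-versus-dynamic contrast in the abstract, as a worked example added to these notes (it is not code from the paper): four hypothetical samples S1..S4 with constructed import tables (static view) and constructed sandbox-style API trace lines (dynamic view) are turned into feature sets, compared pairwise with Jaccard similarity, clustered by single linkage at a threshold, and printed as a text heatmap that stands in for the visualization step. The behaviour tags (rename with a new extension, shadow-copy deletion, ransom-note drop, Run-key persistence, screen lock) are this example's own heuristics, not the paper's feature set. The point it shows: two packed samples that are indistinguishable statically (identical loader imports) separate cleanly once dynamic features are used.

```python
"""Similarity-matrix clustering of ransomware samples from static and dynamic features.
Added illustration for these notes, not code from the paper: samples S1..S4, their
import tables, the sandbox-style trace lines and the behaviour tags are constructed."""
import re
from itertools import combinations

# Static view: import table per sample. S2 and S3 are "packed", so only the unpacking
# stub's imports are visible on disk and the two look identical to static analysis.
STATIC_IMPORTS = {
    "S1": {"CryptAcquireContextW", "CryptGenRandom", "CryptEncrypt", "FindFirstFileW",
           "FindNextFileW", "DeleteFileW", "MoveFileExW"},                    # unpacked encryptor
    "S2": {"VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"},  # packed
    "S3": {"VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"},  # packed
    "S4": {"CreateFileW", "WriteFile", "RegSetValueExW", "SetWindowsHookExW", "ShowWindow"},
}
# Dynamic view: one constructed "key=value ..." line per API call seen in a sandbox run.
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
DYNAMIC_TRACES = {
    "S1": ["api=FindFirstFileW path=C:\\Users\\victim\\Documents\\*",
           "api=MoveFileExW src=report.docx dst=report.docx.locked",
           "api=CreateProcessW cmd=vssadmin delete shadows /all /quiet",
           "api=CreateFileW path=C:\\Users\\victim\\Documents\\README_DECRYPT.txt"],
    "S2": ["api=VirtualAlloc size=0x40000 protect=PAGE_EXECUTE_READWRITE",  # unpacks, then encrypts
           "api=FindFirstFileW path=D:\\Shares\\Finance\\*",
           "api=MoveFileExW src=ledger.xlsx dst=ledger.xlsx.crypt",
           "api=CreateFileW path=D:\\Shares\\Finance\\HOW_TO_RESTORE.txt"],
    "S3": ["api=VirtualAlloc size=0x40000 protect=PAGE_EXECUTE_READWRITE",  # unpacks, then locks
           f"api=RegSetValueExW key={RUN_KEY} value=svchost",
           "api=SetWindowsHookExW hook=WH_KEYBOARD_LL",
           "api=ShowWindow style=fullscreen"],
    "S4": [f"api=RegSetValueExW key={RUN_KEY} value=updater",              # unpacked locker
           "api=SetWindowsHookExW hook=WH_KEYBOARD_LL",
           "api=ShowWindow style=fullscreen",
           "api=CreateFileW path=C:\\ProgramData\\lock.dat"],
}
NOTE_NAME = re.compile(r"README|DECRYPT|RESTORE", re.IGNORECASE)

def dynamic_features(lines):
    """Map trace lines to a feature set: the API name plus coarse behaviour tags."""
    feats = set()
    for line in lines:
        f = dict(re.findall(r"(\w+)=(.*?)(?= \w+=|$)", line))  # a value runs until the next key=
        api = f.get("api", "")
        feats.add("api:" + api)
        if api == "MoveFileExW" and f["src"].rsplit(".", 1)[-1] != f["dst"].rsplit(".", 1)[-1]:
            feats.add("behaviour:rename_new_ext")
        if "vssadmin delete shadows" in f.get("cmd", ""):
            feats.add("behaviour:delete_shadow_copies")
        if api == "CreateFileW" and NOTE_NAME.search(f["path"].rsplit("\\", 1)[-1]):
            feats.add("behaviour:drop_ransom_note")
        if api == "RegSetValueExW" and f["key"].endswith("\\Run"):
            feats.add("behaviour:run_key_persistence")
        if api == "SetWindowsHookExW" or f.get("style") == "fullscreen":
            feats.add("behaviour:lock_screen")
    return feats

def jaccard(a, b):
    return len(a & b) / len(a | b) if a or b else 0.0

def similarity_matrix(features):
    """Symmetric sample-by-sample Jaccard similarity, as a dict of dicts."""
    names = sorted(features)
    return {x: {y: jaccard(features[x], features[y]) for y in names} for x in names}

def cluster(matrix, threshold):
    """Single-linkage clustering: any pair at or above the threshold joins one cluster."""
    parent = {n: n for n in matrix}

    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n

    for a, b in combinations(sorted(matrix), 2):
        if matrix[a][b] >= threshold:
            parent[find(a)] = find(b)
    root = {n: find(n) for n in matrix}
    return sorted(sorted(n for n in root if root[n] == r) for r in set(root.values()))

def render(matrix):
    """Text heatmap of the matrix, a crude stand-in for the paper's visualization step."""
    names = sorted(matrix)
    rows = ["      " + " ".join(f"{n:>5}" for n in names)]
    for a in names:
        rows.append(f"{a:>5} " + " ".join(f"{matrix[a][b]:5.2f}" for b in names))
    return "\n".join(rows)

def analyse(threshold=0.5):
    """Cluster the same samples under each view; packing only confuses the static one."""
    static = similarity_matrix(STATIC_IMPORTS)
    dynamic = similarity_matrix({k: dynamic_features(v) for k, v in DYNAMIC_TRACES.items()})
    return {"static": static, "dynamic": dynamic,
            "static_clusters": cluster(static, threshold),
            "dynamic_clusters": cluster(dynamic, threshold)}

if __name__ == "__main__":
    result = analyse()
    for view in ("static", "dynamic"):
        print(f"--- {view} ---\n{render(result[view])}\nclusters: {result[view + '_clusters']}\n")
```

Run it directly to print both matrices and clusterings: statically S2 and S3 get similarity 1.0 and fall into one cluster while S1 sits alone; dynamically S1 and S2 cluster as encryptors and S3 and S4 as lockers. In a real pipeline the static features would come from a PE parser and the dynamic lines from a sandbox report, and packed samples should be flagged explicitly (section entropy is the usual check) so that their static similarity is not mistaken for a family relationship.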
Categories
- Encrypting Ransomware: Encrypts files on the victim’s system, rendering them inaccessible until a ransom is paid.
- Locker Ransomware: Locks the victim out of the entire system rather than encrypting individual files, preventing access until a ransom is provided; the data underneath is usually left intact.
- Doxware or Leakware: Threatens to publish sensitive data stolen from the victim unless a ransom is paid; because the leverage is exposure rather than loss of access, backups do not neutralize it.
- Scareware: Displays false warnings or fake claims of malware infection and extorts payment for their "removal".
- Mobile Ransomware: Targets smartphones and tablets, encrypting data or locking the device.
- Ransomware-as-a-Service (RaaS): A distribution model rather than a technical trait: platform operators supply the ransomware and its infrastructure to affiliates, which lowers the skill needed to run a campaign and contributes to proliferation.
- Targeted Ransomware: Attacks aimed at specific organizations or individuals, often with higher ransom demands.
- Cryptojacking: Not ransomware in the traditional sense; the malware hijacks computer resources to mine cryptocurrency without the victim’s consent.
Interesting points
- A brief history of ransomware is presented.
- It is clear that there are several patterns in the behavior of ransomware.
Thoughts
The paper looked like a good overview of ransomware categories.
Phrase (quoted from the paper’s conclusion)
In conclusion, our proposed comprehensive approach for ransomware classification is an effective and efficient method for accurately classifying and clustering ransomware samples.