CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data
Ransomware is a growing threat that encrypts a user's files and holds the decryption key until a ransom is paid by the victim. This type of malware is responsible for tens of millions of dollars in extortion annually. Worse still, developing new variants is trivial, facilitating the evasion of man...
| Published in: | Proceedings of the International Conference on Distributed Computing Systems, pp. 303-312 |
|---|---|
| Main authors: | Nolen Scaife, Henry Carter, Patrick Traynor, Kevin R. B. Butler |
| Format: | Conference paper, Journal Article |
| Language: | English |
| Publication details: | IEEE, 01.06.2016 |
| Subjects: | |
| ISSN: | 1063-6927 |
| Online access: | Get full text |
| Abstract | Ransomware is a growing threat that encrypts a user's files and holds the decryption key until a ransom is paid by the victim. This type of malware is responsible for tens of millions of dollars in extortion annually. Worse still, developing new variants is trivial, facilitating the evasion of many antivirus and intrusion detection systems. In this work, we present CryptoDrop, an early-warning detection system that alerts a user during suspicious file activity. Using a set of behavior indicators, CryptoDrop can halt a process that appears to be tampering with a large amount of the user's data. Furthermore, by combining a set of indicators common to ransomware, the system can be parameterized for rapid detection with low false positives. Our experimental analysis of CryptoDrop stops ransomware from executing with a median loss of only 10 files (out of nearly 5,100 available files). Our results show that careful analysis of ransomware behavior can produce an effective detection system that significantly mitigates the amount of victim data loss. |
|---|---|
| Author | Butler, Kevin R. B.; Scaife, Nolen; Carter, Henry; Traynor, Patrick |
| Author_xml | – sequence: 1 givenname: Nolen surname: Scaife fullname: Scaife, Nolen email: scaife@ufl.edu – sequence: 2 givenname: Henry surname: Carter fullname: Carter, Henry email: henry.carter@villanova.edu – sequence: 3 givenname: Patrick surname: Traynor fullname: Traynor, Patrick email: traynor@cise.ufl.edu – sequence: 4 givenname: Kevin R. B. surname: Butler fullname: Butler, Kevin R. B. email: butler@ufl.edu |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding Journal Article |
| DBID | 6IE 6IH CBEJK RIE RIO 7SC 8FD JQ2 L7M L~C L~D |
| DOI | 10.1109/ICDCS.2016.46 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Computer and Information Systems Abstracts |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9781509014835 1509014837 |
| EndPage | 312 |
| ExternalDocumentID | 7536529 |
| Genre | orig-research |
| GroupedDBID | 23M 29G 29P 6IE 6IF 6IH 6IK 6IL 6IM 6IN AAJGR AAWTH ABLEC ACGFS ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO RNS 7SC 8FD JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-i274t-f67d75826bd2b6803e98a1cf8becbad50b769498d1f8995199c6acbaccbdd5613 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 263 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000383224500032&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1063-6927 |
| IngestDate | Thu Jul 10 22:50:33 EDT 2025 Wed Aug 27 01:46:27 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i274t-f67d75826bd2b6803e98a1cf8becbad50b769498d1f8995199c6acbaccbdd5613 |
| Notes | ObjectType-Article-2 SourceType-Scholarly Journals-1 ObjectType-Conference-1 ObjectType-Feature-3 content type line 23 SourceType-Conference Papers & Proceedings-2 |
| PQID | 1835581531 |
| PQPubID | 23500 |
| PageCount | 10 |
| ParticipantIDs | proquest_miscellaneous_1835581531 ieee_primary_7536529 |
| PublicationCentury | 2000 |
| PublicationDate | 20160601 |
| PublicationDateYYYYMMDD | 2016-06-01 |
| PublicationDate_xml | – month: 06 year: 2016 text: 20160601 day: 01 |
| PublicationDecade | 2010 |
| PublicationTitle | Proceedings of the International Conference on Distributed Computing Systems |
| PublicationTitleAbbrev | ICDSC |
| PublicationYear | 2016 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0005863 |
| Score | 2.5875347 |
| SourceID | proquest ieee |
| SourceType | Aggregation Database Publisher |
| StartPage | 303 |
| SubjectTerms | Arrays; behavioral analysis; Computer information security; Computer networks; Conferences; data protection; Distributed processing; Encryption; Entropy; Indicators; Intrusion; intrusion detection; Malware; Monitoring; Plugs; ransomware |
| Title | CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data |
| URI | https://ieeexplore.ieee.org/document/7536529 https://www.proquest.com/docview/1835581531 |
| WOSCitedRecordID | wos000383224500032&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1063-6927&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1063-6927&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1063-6927&client=summon |