I. Abstract

The type of malware that has become a significant threat to businesses and individuals, especially over the past few years, is ransomware, which encrypts the files on an infected system or network and demands a ransom, usually in the form of bitcoins, to unlock these files.
Its damage costs are predicted to hit $11.5B by 2019. In an attempt to protect users' vital data from this fatal attack, in this work we deployed more robust, efficient, accurate and newer technologies that detect malicious activity on a system using five different indicators, which include analysing users' data on data-processing platforms such as Hadoop and R and applying machine learning techniques. These were tested with the aim of alerting the user before a significant amount of information is lost, i.e., the approach narrows the data loss and also reduces the number of erroneous results by providing the user with details that can be used to flag activity as either safe or unsafe.

II. Introduction

Ransomware variants can be loosely classified into the following three categories:

1. These kinds of ransomware attacks can be called denial-of-service attacks, since the legitimate user of the system is locked out from accessing their files or performing any other activity until a particular code is texted to an SMS provider, who charges the user at high rates. Sometimes the attack is presented as if it came from a legal authority or from the vendor of the user's operating system. The victim may be asked to pay via online payment systems. These kinds of attacks do not generally damage the files inside the system. Below is the image of one such kind of ransomware that we developed.
2. Another type of ransomware may or may not lock access to the system, but will encrypt all personal or vital files and folders of the victim. Since the malware uses strong encryption algorithms, it is difficult to decrypt the files without paying the attacker a hefty ransom to obtain the decryption key. Sometimes such ransomware deletes files as well.

3. This type of ransomware is believed to be the most dangerous, because in addition to the above two kinds of damage, it also infects the boot mechanism of the operating system. The victim then follows the instructions that the ransom note provides when the system is switched on.
When these types of malware enter a computer system, it is often difficult to detect them and respond in time, since many new variants are designed every day, each of which portrays different behaviour; this makes it difficult to design a tool that can resist something that changes its characteristics rapidly and behaves differently every time. Moreover, it is difficult to differentiate them from other benign software that sometimes behaves the way a ransomware infection would.

What new have we done to tackle it

III. Background story

How it spreads
How much financial damage and other damage it does
The conventional ways of tackling it

IV. Detection mechanism

Indicator-1: Malicious contents in a file

A Java-based programming framework, Hadoop, has been used to analyse the contents of files in the documents directory and also the source code files of different software, looking for malicious code or instructions.
In this approach the MapReduce algorithm was deployed on a set of input files consisting of XML files. A rigorous search for a string of particular words was made, which successfully resulted in detecting the locations of malicious contents, specifying the file name and line number.

Indicator-2: Classifying unseen files

This indicator helps in checking whether any unseen file is malicious or benign.
In this approach, classification algorithms are deployed on a dataset to classify whether an incoming file is safe.

V. Implementation

VI. Scope of Improvement

Elastic search over a network
More unstructured data
Increase dynamicity
Faster and more accurate

VII. Conclusion
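The two indicators above, Indicator-1 (a MapReduce string search over XML files that reports file name and line number) and Indicator-2 (a classifier that labels an unseen file as malicious or benign), as one added worked example. This is illustration code written for this page, not the authors' Hadoop or R implementation: the mapper and reducer run locally in one process instead of on a Hadoop cluster, the classifier is a small multinomial naive Bayes written from scratch rather than the paper's (unnamed) classification algorithm, and every document, indicator phrase and training label is constructed for the example.

```python
"""Added example: local stand-ins for Indicator-1 (MapReduce-style string scan)
and Indicator-2 (classification of an unseen file).  All data is constructed."""
import math
import re
from collections import Counter, defaultdict

# Indicator-1: phrases whose presence in a document counts as a hit.
# Constructed list; a deployment would maintain its own phrase set.
INDICATOR_PHRASES = [
    "your files have been encrypted",
    "send bitcoin",
    "decryption key",
    "pay the ransom",
]

# Constructed corpus of XML documents keyed by file name.
XML_FILES = {
    "invoice_2018.xml": (
        "<invoice>\n"
        "  <customer>ACME Ltd</customer>\n"
        '  <total currency="USD">1200.00</total>\n'
        "</invoice>\n"
    ),
    "readme_note.xml": (
        "<note>\n"
        "  <line>All of YOUR FILES HAVE BEEN ENCRYPTED.</line>\n"
        "  <line>Send bitcoin to the address below to get the decryption key.</line>\n"
        "</note>\n"
    ),
}


def map_lines(file_name, text):
    """Mapper: emit (file_name, (line_number, phrase)) for each phrase match."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        for phrase in INDICATOR_PHRASES:
            if phrase in lowered:
                yield file_name, (line_no, phrase)


def reduce_hits(pairs):
    """Reducer: group mapper output by file name, hits sorted by line number."""
    grouped = defaultdict(list)
    for file_name, hit in pairs:
        grouped[file_name].append(hit)
    return {name: sorted(hits) for name, hits in grouped.items()}


def scan_files(files):
    """Run the map and reduce stages over an in-memory corpus of files."""
    pairs = [pair for name, text in files.items() for pair in map_lines(name, text)]
    return reduce_hits(pairs)


# Indicator-2: constructed, labelled training set of file contents.
TRAINING = [
    ("all of your files have been encrypted pay the ransom in bitcoin", "malicious"),
    ("send bitcoin to this wallet within 72 hours to obtain the decryption key", "malicious"),
    ("your documents photos and databases are locked contact us for the key", "malicious"),
    ("quarterly sales report for the northern region attached", "benign"),
    ("meeting notes agenda items and action points for next week", "benign"),
    ("invoice for consulting services rendered in march total due", "benign"),
]

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case alphanumeric tokens; XML tags become ordinary tokens."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing, scored in log space."""

    def __init__(self, samples):
        self.class_counts = Counter()
        self.token_counts = defaultdict(Counter)
        vocab = set()
        for text, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.token_counts[label][tok] += 1
                vocab.add(tok)
        self.vocab_size = len(vocab)
        self.total = sum(self.class_counts.values())

    def classify(self, text):
        tokens = tokenize(text)
        best_label, best_score = None, -math.inf
        for label, count in self.class_counts.items():
            score = math.log(count / self.total)  # class prior
            denom = sum(self.token_counts[label].values()) + self.vocab_size
            for tok in tokens:
                score += math.log((self.token_counts[label][tok] + 1) / denom)
            if score > best_score:
                best_label, best_score = label, score
        return best_label


MODEL = NaiveBayes(TRAINING)


def assess_file(file_name, text):
    """Combine both indicators: phrase hits with line numbers plus a class label."""
    hits = scan_files({file_name: text}).get(file_name, [])
    return {"file": file_name, "hits": hits, "label": MODEL.classify(text)}


if __name__ == "__main__":
    for name, text in XML_FILES.items():
        print(assess_file(name, text))
```

The reducer output is exactly what Indicator-1 reports (file name plus the line numbers where the phrases occur), and `assess_file` returns that alongside the Indicator-2 label so a user has the details needed to flag the file as safe or unsafe. On a real cluster the mapper and reducer would be the Map and Reduce tasks of a Hadoop job, and the training set would be far larger than the six constructed lines used here.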