Hiding in the Crowd: Ransomware Protection by Adopting Camouflage and Hiding Strategy With the Link File
Ransomware is a growing threat and is building ecosystems in the form of ransomware as a service (RaaS). While there have been diverse efforts to detect and mitigate such threats, techniques to bypass such countermeasures have advanced considerably. Since detecting all evolving threats has become ch...
Saved in:
Published in: | IEEE access 2023-01, Vol.11, p.1-1 |
---|---|
Main authors: | , , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 1 |
---|---|
container_issue | |
container_start_page | 1 |
container_title | IEEE access |
container_volume | 11 |
creator | Lee, Soohan; Lee, Suhyeon; Park, Jiwon; Kim, Kyoungmin; Lee, Kyungho |
description | Ransomware is a growing threat and is building ecosystems in the form of ransomware as a service (RaaS). While there have been diverse efforts to detect and mitigate such threats, techniques to bypass such countermeasures have advanced considerably. Since detecting all evolving threats has become challenging, there is a growing interest in developing proactive countermeasures that can minimize the damage even in environments where ransomware has already been executed. In this study, we gained insights from an attacker's perspective by analyzing ransomware such as LockBit and derived a generic counterstrategy against features that are common in ransomware attacks. Our proposed method protects critical files from existing ransomware by applying a hiding strategy that poses a challenge to attackers in finding the target files. We also present best practices for implementing the strategy while considering both in terms of security and usability using the link file and improving the method through the addition of a linker and encrypted database to reduce the attack surface. By using real-world ransomware samples, our experiments show that the proposed method successfully protects valuable files against ransomware in a cost-effective manner. |
doi_str_mv | 10.1109/ACCESS.2023.3309879 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 2169-3536 |
ispartof | IEEE access, 2023-01, Vol.11, p.1-1 |
issn | 2169-3536 2169-3536 |
language | eng |
recordid | cdi_proquest_journals_2859714910 |
source | IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
subjects | avoidance mechanism; Behavioral sciences; Best practice; Computer security; Cybersecurity; Encryption; Feature extraction; Malware; malware analysis; Monitoring; Ransomware; Static analysis; Usability |
title | Hiding in the Crowd: Ransomware Protection by Adopting Camouflage and Hiding Strategy With the Link File |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-01T20%3A32%3A48IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Hiding%20in%20the%20Crowd:%20Ransomware%20Protection%20by%20Adopting%20Camouflage%20and%20Hiding%20Strategy%20With%20the%20Link%20File&rft.jtitle=IEEE%20access&rft.au=Lee,%20Soohan&rft.date=2023-01-01&rft.volume=11&rft.spage=1&rft.epage=1&rft.pages=1-1&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2023.3309879&rft_dat=%3Cproquest_cross%3E2859714910%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2859714910&rft_id=info:pmid/&rft_ieee_id=10233856&rft_doaj_id=oai_doaj_org_article_32b111340ea84c1ebfb096450edf31a3&rfr_iscdi=true |