Ransomeware - PSJoshi/Notes GitHub Wiki

• UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware - https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_kharraz.pdf
• Detecting ransomeware is not that complex - https://www.blackhat.com/docs/us-15/materials/us-15-Kirda-Most-Ransomware-Isn%E2%80%99t-As-Complex-As-You-Might-Think-wp.pdf
• Anomaly detection vs ransomeware - https://medium.com/@cybersiftIO/anomaly-detection-vs-ransomware-b83510a3a860
• More anomaly detection vs ransomeware - https://towardsdatascience.com/more-anomaly-detection-vs-ransomware-4ef23f8ae5f
• Architecture of ransomeware (2-part series) - https://securityshenaningans.medium.com/architecture-of-a-ransomware-1-2-1b9fee757fcb
• Wannacry analysis using ELK - https://www.elastic.co/blog/malware-analysis-wannacry-elastic-stack

Papers

• Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303–312). IEEE.
• Mbol, F., Robert, J.M. and Sadighian, A., 2016, November. An efficient approach to detect torrentlocker ransomware in computer systems. In International Conference on Cryptology and Network Security (pp. 532–541). Springer International Publishing.
• Detection and classification of malicious process using system call analysis - http://www.datafusionlab.org/sites/default/files/publications/rcanzanese_thesis.pdf
• Automated behavioural analysis of ransomware - https://arxiv.org/pdf/1709.08753v1.pdf
• Ransomeware behavioural analysis on Windows platform - https://www.sciencedirect.com/science/article/pii/S2214212617306506
• Behavioural based approach for ransomeware detection - https://labs.mwrinfosecurity.com/assets/resourceFiles/mwri-behavioural-ransomware-detection-2017-04-5.pdf
• Leveraging machine learning techniques for ransomeware network traffic detection - https://link.springer.com/chapter/10.1007/978-3-319-73951-9_5
• Ransomewall, layered defense against crypto-ransomeware using machine learning - http://www.cse.iitd.ernet.in/~vinay/papers/preprint_ransomwall.pdf
• Behavioural based approach for ransomeware detection - https://labs.mwrinfosecurity.com/assets/resourceFiles/mwri-behavioural-ransomware-detection-2017-04-5.pdf
• Tracking ransomeware - https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/4953/LAB1-W04_LAB1-W04_Tracking-Ransomware-Using-Behavior-to-Find-New-Threats.pdf
• Large scale automated approach for detecting ransomeware - https://www.usenix.org/sites/default/files/conference/protected-files/security16_slides_kharaz.pdf
• Automated dynamic analysis of ransomeware - https://arxiv.org/pdf/1609.03020.pdf
• Ransomeware analysis using process monitor - https://uta-ir.tdl.org/uta-ir/bitstream/handle/10106/27184/KARDILE-THESIS-2017.pdf?sequence=1&isAllowed=y
• Reasoning crypto ransomware infection vectors with Bayesian networks - https://ieeexplore.ieee.org/document/8004894/
• Survey of Ransomeware attacks using machine learning techniques - https://www.ripublication.com/ijaer17/ijaerv12n18_105.pdf
• ShieldFS for detection of ransomeware - https://www.blackhat.com/docs/us-17/wednesday/us-17-Continella-ShieldFS-The-Last-Word-In-Ransomware-Resilient-Filesystems.pdf
• Sophos - Stop the exploit, stop the attack - https://secure2.sophos.com/it-it/medialibrary/PDFs/other/end-of-ransomware/MarkLomanSophosInterceptX.ashx?la=it-IT
• Machine learning based detection of ransomeware using SDN - https://olivermichel.github.io/doc/ml-ransomware-sdnnfvsec18.pdf
• Ransomeware command-and-control detection using machine learning - https://www.acalvio.com/ransomware-command-and-control-detection-using-machine-learning/

Useful github repositories for concepts:

• GonnaCry - Python based ransomeware - https://github.com/tarcisio-marinho/GonnaCry/tree/master/Python
• Ransomeware honeypot - https://github.com/utkusen/eda2
• Ransomeware like file crypter - https://github.com/goliate/hidden-tear