ew 20(26): e6

Research Article

A Three-Level Ransomware Detection and Prevention Mechanism

Download2647 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.13-7-2018.162691,
    author={Amos Loh Yee Ren and Chong Tze Liang and Im Jun Hyug and Sarfraz Nawaz Broh and NZ Jhanjhi},
    title={A Three-Level Ransomware Detection and Prevention Mechanism},
    journal={EAI Endorsed Transactions on Energy Web},
    volume={7},
    number={26},
    publisher={EAI},
    journal_a={EW},
    year={2020},
    month={1},
    keywords={Malware, Petya, Ransomware, Security, Virtual Machine},
    doi={10.4108/eai.13-7-2018.162691}
}
  • Amos Loh Yee Ren
    Chong Tze Liang
    Im Jun Hyug
    Sarfraz Nawaz Broh
    NZ Jhanjhi
    Year: 2020
    A Three-Level Ransomware Detection and Prevention Mechanism
    EW
    EAI
    DOI: 10.4108/eai.13-7-2018.162691
Amos Loh Yee Ren1, Chong Tze Liang1, Im Jun Hyug1, Sarfraz Nawaz Broh1, NZ Jhanjhi1,*
  • 1: School of Computing & IT, Taylor’s University, Malaysia
*Contact email: noorzaman.jhanjhi@taylors.edu.my

Abstract

Ransomware encrypts victim’s files or locks users out of the system. Victims will have to pay the attacker a ransom to decrypt and regain access to the user files. Petya targets individuals and companies through email attachments and download links. NotPetya has worm-like capabilities and exploits EternalBlue and EternalRomance vulnerabilities. Protection methods include vaccination, applying patches, et cetera. Challenges faced to combat ransomware include social engineering, outdated infrastructures, technological advancements, backup issues, and conflicts of standards. ThreeLevel Security (3LS) is a solution to ransomware that utilizes virtual machines along with browser extensions to perform a scan, on any files that the user wishes to download from the Internet. The downloaded files would be sent over a cloud server relay to a virtual machine by a browser extension. Any changes to the virtual machine after downloading the file would be observed, and if there were a malfunction in the virtual machine, the file would not be retrieved to the user’s system.

Keywords
Malware, Petya, Ransomware, Security, Virtual Machine
Received
2019-09-16
Accepted
2019-12-29
Published
2020-01-14
Publisher
EAI
http://dx.doi.org/10.4108/eai.13-7-2018.162691

Copyright © 2020 Amos Loh Yee Ren et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.