ew 18: e6

Research Article

A Three-Level Ransomware Detection and Prevention Mechanism

  • @ARTICLE{10.4108/eai.13-7-2018.162691,
        author={Amos Loh Yee Ren and Chong Tze Liang and Im Jun Hyug and Sarfraz Nawaz Broh and NZ Jhanjhi},
        title={A Three-Level Ransomware Detection and Prevention Mechanism},
        journal={EAI Endorsed Transactions on Energy Web: Online First},
        volume={},
        number={},
        publisher={EAI},
        journal_a={EW},
        year={2020},
        month={1},
        keywords={Malware, Petya, Ransomware, Security, Virtual Machine},
        doi={10.4108/eai.13-7-2018.162691}
    }
    
  • Amos Loh Yee Ren
    Chong Tze Liang
    Im Jun Hyug
    Sarfraz Nawaz Broh
    NZ Jhanjhi
    Year: 2020
    A Three-Level Ransomware Detection and Prevention Mechanism
    EW
    EAI
    DOI: 10.4108/eai.13-7-2018.162691
Amos Loh Yee Ren¹, Chong Tze Liang¹, Im Jun Hyug¹, Sarfraz Nawaz Broh¹, NZ Jhanjhi¹,*
  • 1: School of Computing & IT, Taylor’s University, Malaysia
*Contact email: noorzaman.jhanjhi@taylors.edu.my

Abstract

Ransomware encrypts a victim’s files or locks users out of the system. Victims have to pay the attacker a ransom to decrypt and regain access to their files. Petya targets individuals and companies through email attachments and download links. NotPetya has worm-like capabilities and exploits the EternalBlue and EternalRomance vulnerabilities. Protection methods include vaccination, applying patches, et cetera. Challenges in combating ransomware include social engineering, outdated infrastructure, technological advancements, backup issues, and conflicts of standards. Three-Level Security (3LS) is a solution to ransomware that uses virtual machines along with browser extensions to scan any files that the user wishes to download from the Internet. A browser extension sends the downloaded files over a cloud server relay to a virtual machine. Any changes to the virtual machine after the file is downloaded are observed, and if the virtual machine malfunctions, the file is not passed on to the user’s system.