Why Ransomware Needs A Human Touch

Ransomware is currently one of the biggest threats in malware attacks. Although the first known attack occurred in 1989, only in the last 6 years has this threat greatly increased and become more sophisticated. The lack of adequate security measures and awareness propelled the rapid spread and increased severity of ransomware variants (e.g., WannaCry ransomware in 2017). Further, there is little research work on this matter; only traditional protections are available, and even state-of-the-art mobile malware detection approaches are still ineffective. This greatly increases the attack surface in the mobile domain. To better understand the research work performed on this subject, this paper presents a detailed review of the literature on ransomware, existing mainly since 2015. Results show that most work focuses on the analysis of ransomware structures and the development/testing of detection solutions. Very few studies focus on human-related solutions or ransomware prevention. This paper also presents an analysis of a sample of ransomware email subject lines regarding the integration of persuasion content and targeted/personal aspects, so as to identify and understand more human aspects of the attack. In order to avoid mistakes similar to those of other social engineering malware research approaches (e.g., email phishing and scams), which have been more comprehensively studied, the direction of ransomware research must be completely reversed. It must focus mainly on prevention and backup/restoring procedures, which are related to sociotechnical solutions that can manage and understand users' awareness, workflow, behaviours and needs.
