Efficient and Effective Ransomware Detection in Databases
1 PROBLEM STATEMENT

Ransomware – malware that prevents access to devices or data to extort ransom payments – has become increasingly popular with cyber criminals over the last few years as a convenient way to monetize malicious activities, with estimated damages totaling over 5 billion USD in 2017 [10]. While ransomware has commonly been found on personal computers or targeting specific organizations, a recent increase of ransomware attacks specifically aimed at web databases suggests that malware developers are expanding to this domain as well. In January of 2017, tens of thousands of MongoDB servers were hit in an attack called MongoDB Apocalypse [3, 4], followed by a second attack wave targeting MySQL servers [13]. Since then, ransomware attacks have spread to other server technologies, such as ElasticSearch [5], Cassandra [1], Hadoop and CouchDB [2]. There are multiple incentives for criminals to target databases for ransom payments, which suggest more attacks in the future. First, enterprises can afford to pay higher ransoms than private users. The typical ransom amount for regular users lies in the range of a few hundred dollars. However, businesses can potentially pay
[1] Patrick Traynor, et al. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data, 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).
[2] Alessandro Barenghi, et al. ShieldFS: a self-healing, ransomware-aware filesystem, 2016, ACSAC.
[3] Gianluca Stringhini, et al. PayBreak: Defense Against Cryptographic Ransomware, 2017, AsiaCCS.
[4] Peng Liu, et al. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware, 2017, CCS.