Defense against ransomware
Ransomware attacks have risen at an alarming rate worldwide in the last few years. These attacks have caused hundreds of millions in ransom losses and have shut down critical infrastructure such as pipeline operators and hospitals. The most common type, crypto-ransomware, locks its victim's files with an encryption algorithm.
In the present study, we explain concretely what ransomware is and how it works, with a detailed walkthrough of the Cerber ransomware. We then present many possible defenses against ransomware, which can be deployed at different levels of a company, and show how ransomware has evolved to evade such defensive measures.
Because it is crucial to detect a ransomware attack as early as possible to limit losses and shutdowns, we study diverse means of detection and describe some state-of-the-art tools. Some use static analysis, i.e., analyzing the file at rest; others use dynamic analysis, where the ransomware is detonated in a secured sandbox so that its behavior can be observed. Traps, or honeyfiles, are also used to detect ransomware: decoy files that no legitimate process should touch, so that any modification, encryption or deletion of them signals an attack in progress.
The implementation part consisted of trying, testing and fine-tuning different detection means and combining them in a tool that aims to defend a Windows system against ransomware. We tested the detection methods against real, well-known ransomware samples in a sandboxed VM environment. Our tests gave us insight into which detection method works in which case, which does not, and how the tool could be improved in the future. They also helped us understand in more detail how ransomware works and what distinguishes individual families from one another.
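The honeyfile and behavioral detection described above can be illustrated with a small monitor. The following is an added example written for this page, not code from the thesis or its tool: it plants decoy files, records a SHA-256 baseline, and on each check flags honeyfiles that were deleted, renamed, or rewritten; rewritten files are additionally scored with Shannon entropy, since ciphertext produced by crypto-ransomware is close to 8 bits per byte while ordinary documents sit well below that. The entropy threshold of 7.0 bits/byte, the decoy file names and the simulated "encryption" (XOR with a SHA-256-derived keystream, standing in for whatever cipher a real sample uses) are assumptions made for the demonstration.

```python
"""Honeyfile monitor with an entropy heuristic (added example, not the thesis's tool)."""
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: encrypted or compressed data scores near 8 bits/byte, text well below 7.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class HoneyfileMonitor:
    """Plants decoy files and detects tampering relative to a recorded baseline."""

    def __init__(self, directory: Path, names):
        self.directory = Path(directory)
        self.baseline = {}
        for name in names:
            path = self.directory / name
            # Constructed decoy content: low-entropy, plausible-looking text.
            content = f"Decoy document {name}: quarterly figures, do not edit.\n".encode() * 100
            path.write_bytes(content)
            self.baseline[path] = sha256_hex(content)

    def check(self):
        """Return (path, reason) tuples for every honeyfile that no longer matches."""
        alerts = []
        for path, digest in self.baseline.items():
            if not path.exists():
                alerts.append((str(path), "honeyfile deleted or renamed"))
                continue
            data = path.read_bytes()
            if sha256_hex(data) == digest:
                continue
            reason = "honeyfile modified"
            if shannon_entropy(data) >= ENTROPY_THRESHOLD:
                reason += " with high-entropy content (likely encrypted)"
            alerts.append((str(path), reason))
        return alerts


def fake_encrypt(plaintext: bytes) -> bytes:
    """Deterministic stand-in for a ransomware cipher: XOR with a SHA-256 keystream.

    Assumption for the demo only; no real family is claimed to work this way.
    """
    keystream = b"".join(
        hashlib.sha256(b"demo-key" + i.to_bytes(4, "big")).digest()
        for i in range(len(plaintext) // 32 + 1)
    )
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def simulate_attack():
    """Plant honeyfiles, simulate a ransomware run against them, return the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        monitor = HoneyfileMonitor(root, ["canary.docx", "budget.xlsx", "readme.txt"])
        assert monitor.check() == []  # clean baseline

        # Simulated ransomware behavior (constructed): encrypt one decoy in place,
        # rename another with a ransom extension, leave the third untouched.
        victim = root / "canary.docx"
        victim.write_bytes(fake_encrypt(victim.read_bytes()))
        (root / "budget.xlsx").rename(root / "budget.xlsx.locked")

        return monitor.check()


if __name__ == "__main__":
    for path, reason in simulate_attack():
        print(f"ALERT {path}: {reason}")
```

In a deployment the check would run from a filesystem watcher rather than on demand, and the honeyfiles should be named and placed so that backup and indexing jobs are excluded from touching them, otherwise the monitor produces false positives on its own decoys.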
Student: Florian Mülhauser
Year: 2022
Department: TIC
Programme: Computer science and communication systems (formerly Telecommunications), with a specialization in information security
Type of training: Full-time