Redemption: Real-Time Protection Against Ransomware at End-Hosts - PowerPoint PPT Presentation



SLIDE 1

Redemption: Real-Time Protection Against Ransomware at End-Hosts

WRITTEN BY: AMIN KHARRAZ, ENGIN KIRDA

PRESENTED BY: NICHOLAS BURTON

SLIDE 2

What is Ransomware?

SLIDE 3

What is Ransomware?

• Ransomware is malicious software that encrypts user data and demands that a ransom be paid to unlock it.

SLIDE 4

Well that sucks, how do I get my data back?

SLIDE 5

Data Retrieval

• The easiest solution: keep a backup of your files.

SLIDE 6

Data Retrieval

• The easiest solution: keep a backup of your files.

• If and when your system is compromised by ransomware, you can use the backup to get your files back.

SLIDE 7

I don’t have a backup….

SLIDE 8

I don’t have a backup…. and I NEED those files!

SLIDE 9

This is really bad, can I prevent this?

SLIDE 10

Prevention

• CryptoDrop

SLIDE 11

Prevention

• CryptoDrop

• ShieldFS

SLIDE 12

Prevention

• CryptoDrop

• ShieldFS

• PayBreak

SLIDE 13

None of those work very well, what now?

SLIDE 14

Redemption, Real-Time Protection

SLIDE 15

Redemption Design Overview

Two Components of Redemption

• A characterization of ransomware behavior based on a large class of current ransomware.

• A high-performance mechanism that preserves the integrity of attacked files and restores them.

SLIDE 16

Redemption Design Overview

SLIDE 17

How to determine Malice Score?

SLIDE 18

Malice Score

Two Components of Malice Score Calculation

• Content-based features

• Behavior-based features

SLIDE 19

Content-Based Features

• Entropy Ratio of Data Blocks (Shannon Entropy)

SLIDE 20

Content-Based Features

• Entropy Ratio of Data Blocks (Shannon Entropy)

• File Content Overwrite

SLIDE 21

Content-Based Features

• Entropy Ratio of Data Blocks (Shannon Entropy)

• File Content Overwrite

• Delete Operations

SLIDE 22

Behavior-based Features

• Directory Traversal

SLIDE 23

Behavior-based Features

• Directory Traversal

• Converting Files to a Specific Type

SLIDE 24

Behavior-based Features

• Directory Traversal

• Converting Files to a Specific Type

• Access Frequency

SLIDE 25

Why two components of malice score calculation?

SLIDE 26

Why two components of malice score calculation?

SLIDE 27

Acceptable Malice Score

SLIDE 28

Testing Against Other Anti-Ransomware Applications

SLIDE 29

Overhead

SLIDE 30

Getting around Redemption

SLIDE 31

Social Engineering

• Aggravating a user to the point where they turn off Redemption.

SLIDE 32

Attacking the Malice Score Calculation

• Selective content overwrite

• Low-entropy payload

• Periodic file destruction
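Added example (not code from the paper or the deck): a toy scorer that replays a per-process I/O trace and computes the six malice-score features from slides 19–24, then feeds it the evasions listed on this slide. Everything numeric here is an assumption of the example, not the paper's values: the feature normalisations, the weights, the 0.5 threshold, the 1.5 entropy-ratio cut-off, the 20 ops/s frequency cap, the SHA-256 counter-mode XOR standing in for the ransomware's cipher, and the constructed victim tree and traces (`make_disk`, `benign_editor_events`, `ransomware_events`).

```python
import hashlib, math, os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy SHA-256 counter-mode XOR; stands in for whatever cipher the ransomware uses."""
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(p ^ k for p, k in zip(plaintext[i:i + 32], ks))
    return bytes(out)

class MaliceScorer:
    WEIGHTS = {"entropy": 0.3, "overwrite": 0.15, "delete": 0.1,    # assumed weights,
               "traversal": 0.2, "convert": 0.15, "frequency": 0.1}  # not the paper's
    THRESHOLD = 0.5           # assumed decision threshold
    ENTROPY_RATIO, OPS_PER_SEC_CAP = 1.5, 20.0   # write buffer vs. old block; frequency saturation

    def __init__(self, disk: dict):
        self.disk = disk    # simulated filesystem: path -> bytes, mutated as events replay
        self.all_dirs = {os.path.dirname(p) for p in disk}
        self.times, self.dirs, self.touched = [], set(), set()
        self.writes = self.overwrites = self.high_entropy = self.deletes = 0
        self.new_ext = Counter()    # extension each rename converts a file to

    def handle(self, t, op, path, arg=None):
        """One I/O event: ('write', path, data), ('delete', path) or ('rename', old, new)."""
        self.times.append(t)
        self.dirs.add(os.path.dirname(path))
        self.touched.add(path)
        if op == "write":
            self.writes += 1
            old = self.disk.get(path)
            if old:    # content overwrite: compare the write buffer with the block it replaces
                self.overwrites += 1
                if shannon_entropy(arg) / max(shannon_entropy(old), 1e-9) >= self.ENTROPY_RATIO:
                    self.high_entropy += 1
            self.disk[path] = arg
        elif op == "delete":
            self.deletes += 1
            self.disk.pop(path, None)
        elif op == "rename" and path in self.disk:
            self.disk[arg] = self.disk.pop(path)
            self.new_ext[os.path.splitext(arg)[1]] += 1

    def features(self):
        span = max(self.times[-1] - self.times[0], 1e-3) if self.times else 1.0
        n_touched = max(len(self.touched), 1)
        return {"entropy": self.high_entropy / max(self.overwrites, 1),
                "overwrite": self.overwrites / max(self.writes, 1),
                "delete": self.deletes / n_touched,
                "traversal": len(self.dirs) / max(len(self.all_dirs), 1),
                "convert": max(self.new_ext.values(), default=0) / n_touched,
                "frequency": min(1.0, len(self.times) / span / self.OPS_PER_SEC_CAP)}

    def score(self):
        f = self.features()
        return sum(w * f[k] for k, w in self.WEIGHTS.items())

    def is_malicious(self):
        return self.score() >= self.THRESHOLD

def make_disk():
    """Constructed victim tree: nine low-entropy text documents across three directories."""
    text = b"Quarterly report: revenue grew modestly while costs held steady. " * 64
    return {f"/home/u/{d}/doc{i}.txt": text for d in ("docs", "mail", "work") for i in range(3)}

def benign_editor_events():
    """Constructed: an editor saves one document twice, 30 s apart (same-entropy overwrites)."""
    return [(0.0, "write", "/home/u/docs/doc0.txt", b"Quarterly report, revised draft. " * 100),
            (30.0, "write", "/home/u/docs/doc0.txt", b"Quarterly report, final draft. " * 100)]

def ransomware_events(encode=lambda c: c, interval=0.02, rename=True):
    """Constructed: encrypt every file in place and (optionally) rename it to .locked.
    encode=hex is the slide's low-entropy payload, a large interval its periodic
    destruction, rename=False drops the tell-tale extension conversion."""
    key, events, t = b"\x13" * 32, [], 0.0
    for path, content in make_disk().items():
        events.append((t, "write", path, encode(toy_encrypt(key, content))))
        if rename:
            events.append((t + interval / 2, "rename", path, path + ".locked"))
        t += interval
    return events

def replay(events):
    scorer = MaliceScorer(make_disk())
    for ev in events:
        scorer.handle(*ev)
    return scorer

if __name__ == "__main__":
    hexenc = lambda c: c.hex().encode()
    for name, evs in [("editor", benign_editor_events()), ("ransomware", ransomware_events()),
                      ("hex payload only", ransomware_events(hexenc)),
                      ("hex + slow + no rename", ransomware_events(hexenc, 5.0, False))]:
        print(f"{name:22s} score={replay(evs).score():.3f}")
```

Under these assumed weights the editor scores about 0.22 (it overwrites, but in one directory, slowly, with same-entropy data), the plain ransomware scores 0.9, and hex-encoding the ciphertext alone only knocks the entropy feature out (score 0.6, still flagged). It is the combination from this slide, low-entropy payload plus slow, periodic writes plus no extension change, that drops the trace to about 0.35 and under the threshold, because the remaining signal is only directory traversal and the overwrite itself.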

SLIDE 33

Questions?