No Random, No Ransom: A Key to Stop Cryptographic Ransomware [chapter]

Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan
2018 Lecture Notes in Computer Science  
To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized
more » ... ications that call them. Our strategy, tested against 524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses.
doi:10.1007/978-3-319-93411-2_11 fatcat:zikyllkbtfbqdbsfxrlyvfiotu