Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
Amin Kharraz,William K. Robertson,2 Authors,E. Kirda
2015 · DOI: 10.1007/978-3-319-20550-2_1
International Conference on Detection of intrusions and malware, and vulnerability assessment · 437 Citations
TLDR
A long-term study of ransomware attacks that have been observed in the wild between 2006 and 2014 suggests that by looking at I/O requests and protecting Master File Table MFT in the NTFS file system, it is possible to detect and prevent a significant number of zero-day ransomware attacks.