Crypto-Ransomware Detection Using Selective Hashing

Abstract

Ransomware is a malicious software that attempts to encrypt the user’s files and demand a ransom in exchange for decrypting the files. This malware may have catastrophic impacts on the availability of data and consequently on the services provided by the infected organizations and institutes. Ransomware detection has been a challenge for researchers in the past few years. In this paper, we propose a behavioral ransomware detection method that utilizes fast selective hashing techniques. By selective we mean that only few selected blocks from a file are used for similarity comparison. Our experimental results demonstrate the efficacy of the proposed method in ransonware detection in terms of detection time. For 1000 files of a total size of 20GB and a detection threshold set to five files, our proposed system is able to detect a ransomware on average within 2.76 seconds saving 99.5% of the total files without taking much of the system resources and affecting user experience.