5 research outputs found

    Trends in design of ransomware viruses

    The ransomware nightmare is taking over the internet, impacting common users, small businesses and large ones. The interest and investment which are pushed into this market each month tell us a few things about the evolution of both technical and social engineering and what to expect in the short-coming future from them. In this paper we analyze how ransomware programs developed in the last few years and how they were released in certain market segments throughout the deep web via RaaS, exploits or SPAM, while learning from their own mistakes to bring profit to the next level. We will also try to highlight some mistakes that were made, which allowed recovering the encrypted data, along with the ransomware authors' preference for specific encryption types, how they got to distribute, the silent agreement between ransomwares, coin-miners and bot-nets and some edge cases of encryption, which may prove to be exploitable in the short-coming future.

    A Roadmap for Improving the Impact of Anti-Ransomware Research

    Ransomware is a type of malware which restricts access to a victim’s computing resources and demands a ransom in order to restore access. This is a continually growing and costly threat across the globe, therefore efforts have been made both in academia and industry to develop techniques that can help to detect and recover from ransomware attacks. This paper aims to provide an overview of the current landscape of Windows-based anti-ransomware tools and techniques, using a clear, simple and consistent terminology in terms of Data Sources, Processing and Actions. We extensively analysed relevant literature so that, to the best of our knowledge, we had at the time covered all approaches taken to detect and recover from ransomware attacks. We grouped these techniques according to their main features as a way to understand the landscape. We then selected 15 existing anti-ransomware tools both to examine how they fit into this landscape and to compare them by aggregating their accuracy and overhead – two of the most important selection criteria of these tools – as reported by the tools’ respective authors. We were able to determine popular solutions and unexplored gaps that could lead to promising areas of anti-ransomware development. From there, we propose two novel detection techniques, namely serial byte correlation and edit distance. This paper serves as a much needed roadmap of knowledge and ideas to systematise the current landscape of anti-ransomware tools.

    ESCAPADE: Encryption-type-ransomware: system call based pattern detection

    Encryption-type ransomware has risen in prominence lately as the go-to malware for threat actors aiming to compromise Android devices. In this paper, we present a ransomware detection technique based on behaviours observed in the system calls performed by the malware. We identify and present some common high-level system call behavioural patterns targeted at encryption-type ransomware and evaluate these patterns. We further present our repeatable and extensible methodology for extracting the system call log and patterns.

    IntelliAV: Toward the Feasibility of Building Intelligent Anti-malware on Android Devices

    Android is targeted the most by malware coders as the number of Android users is increasing. Although there are many Android anti-malware solutions available in the market, almost all of them are based on malware signatures, and more advanced solutions based on machine learning techniques are not deemed to be practical for the limited computational resources of mobile devices. In this paper we aim to show not only that the computational resources of consumer mobile devices allow deploying an efficient anti-malware solution based on machine learning techniques, but also that such a tool provides an effective defense against novel malware, for which signatures are not yet available. To this end, we first propose the extraction of a set of lightweight yet effective features from Android applications. Then, we embed these features in a vector space, and use a pre-trained machine learning model on the device for detecting malicious applications. We show that without resorting to any signatures, and relying only on a training phase involving a reasonable set of samples, the proposed system outperforms many commercial anti-malware products, as well as providing slightly better performances than the most effective commercial products.

    Trattato di Diritto dell'Ambiente - Vol. II: I procedimenti Amministrativi per la tutela dell'ambiente - Capitolo 10: L'accertamento del danno ambientale

    The Treatise consists of three volumes, which give an almost complete account of the evolution of environmental law, of its place within the general legal system, and of the sectoral regulations that make up its disciplinary body. In light of this, the approach of the individual contributions in each of the three volumes of the Treatise is intended to be eminently practical, without however forgoing a more general and systematic reflection on the problems that are addressed. And pour cause, one might reiterate, since environmental law does engage with problems, and also needs and emergencies, of a concrete nature, but it also performs a maieutic function, outlining useful and effective solutions for many problems, even outside (or beyond) the boundaries of strictly environmental matters.