Defeating Ransomware by Hooking System Calls on Windows OS
This paper explains why ransomware needs to use the Windows API to encrypt files and how this can be utilized to protect sensitive data from ransomware. Critical API functions are examined on a low level and a generic method to monitor and possibly block their usage through system call hooks is presented. This approach is then demonstrated with a custom kernel mode driver which can keep protected files safe from any user mode malware. It is then compared to current ransomware protection in Windows 10.
Document type: Peer reviewed
Document version: Final PDF
Source: Proceedings I of the 27th Conference STUDENT EEICT 2021: General papers. s. 24-27. ISBN 978-80-214-5942-7