Defeating Ransomware By Hooking System Calls On Windows Os

Date
2021
Publisher
Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Abstract
This paper explains why ransomware needs to use the Windows API to encrypt files and how this can be utilized to protect sensitive data from ransomware. Critical API functions are examined on a low level and a generic method to monitor and possibly block their usage through system call hooks is presented. This approach is then demonstrated with a custom kernel mode driver which can keep protected files safe from any user mode malware. It is then compared to current ransomware protection in Windows 10.
Citation
Proceedings I of the 27th Conference STUDENT EEICT 2021: General papers. s. 24-27. ISBN 978-80-214-5942-7
https://conf.feec.vutbr.cz/eeict/index/pages/view/ke_stazeni
Document type
Peer-reviewed
Document version
Published version
Language of document
cs
Document licence
© Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií