Abstract: Ransomware attacks have risen exponentially over the past decade, with increasing severity, potency to cause damage, and ease of carrying out an attack. Conventional anti-malware techniques are compelled to include advanced ransomware detection mechanisms. This paper presents the results of the study and analysis of ransomware executable files in order to identify the characteristic properties that distinguish ransomware from other malware and from benign executable files. The program binaries are analyzed statically and dynamically to observe the typical behaviour and structure of ransomware. Using the static analysis technique, ransomware-specific properties are extracted from the executable files. The experiments show that higher classification accuracy, using machine learning algorithms, is achieved by combining these properties with the set of generic malware properties used for malware detection.
Keywords: Ransomware, Malware Detection, Static Analysis, Dynamic Analysis
DOI: 10.17148/IJARCCE.2019.8461