Open AccessA behavioural in‐depth analysis of ransomware infection
Author(s) -
Lemmou Yassine,
Lanet JeanLouis,
Souidi El Mamoun
Publication year - 2021
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/ise2.12004
Subject(s) - medicine , humanities , library science , art , computer science
Ransomware is a type of malware that has spread rapidly over the last 4 years, causing significant damage, especially in Windows environments. It is designed to encrypt or block victim's data, including documents, backups, and databases, unless a ransom is paid. In this study, the authors present the results of their research on Windows crypto‐ransomware during the last 3 years by exploring and discussing the relevant ransomware behaviours. The results of this study can be used to identify or to detect the ransomware. Indeed, these behaviours were extracted from in‐depth manual analysis of more than 20 ransomware families, including the known and the recent families. In addition, some extracted behaviours were automatically searched for more than 200 different ransomware collected during 2019.