Increasing advancement in online data analysis, storage and ubiquitous information utilization have led to an increase in cyber-crimes. An emerging threat on the greater cyber security canvas is that of ransomware. Classified as a type of crypto-malware in the language of computer virology, ransomware seeks to encrypt data on user machines with the sole objective of locking access to critical information. The perpetrators afterwards use sophisticated techniques to demand ransom (usually in the form of cryptocurrency) from the victims to unlock their data. The consequences are disastrous as has been noted in many recent cases, where for example hospital/patient data has been locked, and attackers demanding ransom that needed to be paid without any guarantees that relevant information will be unlocked. High tech companies have also been reported to have suffered ransomware attacks, some keeping substantial stocks of cryptocurrencies (e.g. bitcoin) with a view to use these to pay ransom. Initial work in this project has resulted in a review paper.
The problem is generalized in the present project to make a tool that is capable of detecting a ransomware attack and take necessary actions in order to mitigate the damage caused by the attack. Moreover, the tool would also be capable of backing up of the data on a cloud service. The scope of this project is greatly dependent on ascertaining/benchmarking the 'regular activity' of a user on a particular system. Individual system usage (somewhat similar to user profiling) is monitored over a period of time using system processes, applications along with network attributes to determine and classify 'normal' usage for that particular user/user class. Once the normal behavior is learnt, any anomalies in usage patterns can be identified. The tool utilizes security schemes such as intelligent honey-pot placement, monitoring of usage to mitigate real-time attacks and creating a check-pointing mechanism to replicate critical data on cloud at pre-determined frequencies.