Defeating Ransomware By Hooking System Calls On Windows Os

Authors

Touš, Filip

Publisher

Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií (Brno University of Technology, Faculty of Electrical Engineering and Communication)

Abstract

This paper explains why ransomware needs to use the Windows API to encrypt files and how this can be used to protect sensitive data from ransomware. Critical API functions are examined at a low level, and a generic method to monitor and possibly block their usage through system call hooks is presented. This approach is then demonstrated with a custom kernel mode driver which can keep protected files safe from any user mode malware. It is then compared to the current ransomware protection in Windows 10.
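As an added example (not the paper's driver, which is not reproduced on this page), the following portable C models the allow/deny decision such a hook would make before forwarding a file-related system call to its original implementation. The hook installation itself is Windows kernel code and is not shown; the access-right, create-option and information-class constants mirror Windows SDK values, while the `syscall_event` and `protection_policy` structures, the paths and the process IDs are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constants mirror Windows SDK values (winnt.h / ntifs.h). */
#define FILE_READ_DATA            0x0001UL
#define FILE_WRITE_DATA           0x0002UL
#define FILE_APPEND_DATA          0x0004UL
#define DELETE                    0x00010000UL
#define FILE_DELETE_ON_CLOSE      0x00001000UL
#define FileRenameInformation      10UL
#define FileDispositionInformation 13UL

typedef enum { SC_NTCREATEFILE, SC_NTWRITEFILE, SC_NTSETINFORMATIONFILE } syscall_kind;

/* What the hook sees for one intercepted call (assumed layout; a real driver
 * would take these from the call's arguments and the current process). */
typedef struct {
    syscall_kind  kind;
    unsigned long caller_pid;
    const char   *path;            /* NT path of the target file */
    unsigned long desired_access;  /* NtCreateFile only */
    unsigned long create_options;  /* NtCreateFile only */
    unsigned long info_class;      /* NtSetInformationFile only */
} syscall_event;

#define MAX_ENTRIES 8
typedef struct {
    const char   *protected_prefixes[MAX_ENTRIES]; /* NULL-terminated */
    unsigned long trusted_pids[MAX_ENTRIES];       /* 0-terminated */
} protection_policy;

typedef enum { VERDICT_ALLOW = 0, VERDICT_DENY = 1 } verdict;

/* NTFS paths are case-insensitive, so the prefix match ignores case. */
static bool path_has_prefix_ci(const char *path, const char *prefix)
{
    for (; *prefix; ++path, ++prefix)
        if (*path == '\0' || tolower((unsigned char)*path) != tolower((unsigned char)*prefix))
            return false;
    return true;
}

bool is_protected_path(const protection_policy *p, const char *path)
{
    for (size_t i = 0; i < MAX_ENTRIES && p->protected_prefixes[i]; ++i)
        if (path_has_prefix_ci(path, p->protected_prefixes[i]))
            return true;
    return false;
}

bool is_trusted_pid(const protection_policy *p, unsigned long pid)
{
    for (size_t i = 0; i < MAX_ENTRIES && p->trusted_pids[i]; ++i)
        if (p->trusted_pids[i] == pid)
            return true;
    return false;
}

/* Does the call carry intent to overwrite, delete or rename the file? Reads
 * are harmless; encryption needs a write-back, or a delete/rename of the
 * original after an encrypted copy has been written. */
bool event_modifies_file(const syscall_event *e)
{
    switch (e->kind) {
    case SC_NTWRITEFILE:
        return true;
    case SC_NTCREATEFILE:
        return (e->desired_access & (FILE_WRITE_DATA | FILE_APPEND_DATA | DELETE)) != 0
            || (e->create_options & FILE_DELETE_ON_CLOSE) != 0;
    case SC_NTSETINFORMATIONFILE:
        return e->info_class == FileRenameInformation
            || e->info_class == FileDispositionInformation;
    }
    return false;
}

/* The decision made in the hook before the original syscall is called:
 * deny modification of a protected file unless the caller is trusted. */
verdict decide(const protection_policy *p, const syscall_event *e)
{
    if (!is_protected_path(p, e->path) || !event_modifies_file(e))
        return VERDICT_ALLOW;
    if (is_trusted_pid(p, e->caller_pid))
        return VERDICT_ALLOW;
    fprintf(stderr, "BLOCKED pid=%lu call=%d path=%s\n", e->caller_pid, (int)e->kind, e->path);
    return VERDICT_DENY;
}

int main(void)
{
    /* Constructed policy and call sequence; PIDs and paths are made up. */
    protection_policy policy = {
        .protected_prefixes = { "\\??\\C:\\Users\\alice\\Documents\\", NULL },
        .trusted_pids       = { 4242, 0 },
    };
    const char *doc = "\\??\\C:\\Users\\alice\\Documents\\thesis.docx";
    syscall_event events[] = {
        { SC_NTCREATEFILE, 1337, doc, FILE_READ_DATA, 0, 0 },           /* read: allow */
        { SC_NTWRITEFILE, 1337, doc, 0, 0, 0 },                         /* write-back: deny */
        { SC_NTSETINFORMATIONFILE, 1337, doc, 0, 0, FileRenameInformation }, /* rename: deny */
        { SC_NTCREATEFILE, 1337, "\\??\\C:\\USERS\\ALICE\\Documents\\thesis.docx",
          FILE_READ_DATA, FILE_DELETE_ON_CLOSE, 0 },                    /* delete-on-close: deny */
        { SC_NTWRITEFILE, 4242, doc, 0, 0, 0 },                         /* trusted editor: allow */
        { SC_NTWRITEFILE, 1337, "\\??\\C:\\Users\\alice\\Downloads\\x.tmp", 0, 0, 0 }, /* unprotected: allow */
    };
    for (size_t i = 0; i < sizeof events / sizeof events[0]; ++i)
        printf("event %zu: %s\n", i + 1, decide(&policy, &events[i]) == VERDICT_ALLOW ? "allow" : "deny");
    return 0;
}
```

Reads are never refused, so a protected file stays usable; only the write-back, rename or delete that encryption depends on is blocked, and only for processes outside the trusted list. On 64-bit Windows, patching the system service table is prevented by Kernel Patch Protection, so a production version of this check would run from a file system minifilter's pre-operation callbacks rather than from a table hook.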

Citation

Proceedings I of the 27th Conference STUDENT EEICT 2021: General papers, pp. 24-27. ISBN 978-80-214-5942-7
https://conf.feec.vutbr.cz/eeict/index/pages/view/ke_stazeni

Document type

Peer-reviewed

Document version

Published version

Language of document

cs
