Original title: Defeating Ransomware By Hooking System Calls On Windows OS
Authors: Touš, Filip
Document type: Papers
Language: Czech (cze)
Publisher: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií (Brno University of Technology, Faculty of Electrical Engineering and Communication)
Abstract:
This paper explains why ransomware has to go through the Windows API to encrypt files and how that dependency can be used to protect sensitive data from it. The critical API functions are examined at a low level, and a generic method for monitoring, and optionally blocking, their use through system call hooks is presented. The approach is demonstrated with a custom kernel-mode driver that keeps protected files safe from any user-mode malware, and is then compared with the ransomware protection built into Windows 10.
Keywords: hooking; ransomware; system call; Windows API
Host item entry: Proceedings I of the 27th Conference STUDENT EEICT 2021: General papers, ISBN 978-80-214-5942-7
Institution: Brno University of Technology
Document availability information: Fulltext is available in the Brno University of Technology Digital Library. Original record: http://hdl.handle.net/11012/200756
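The abstract describes the technique only at a high level: every user-mode write, rename or delete ends in a system call, so a hook on the handlers for NtCreateFile, NtWriteFile and NtSetInformationFile can apply a policy before the kernel does the work. The following C program is an added illustration of that policy written for this record; it is not the paper's driver and does not touch a real kernel. The `dispatch` array stands in for the kernel's syscall table, `real_syscall` for the kernel's own handlers, and the file path is assumed to be already resolved from the handle (a real driver has to do that itself). The protected folder, file name and process IDs are constructed for the demo.

```c
/* Added example, not the paper's driver: a user-space C model of the syscall-hook
 * policy the abstract describes. `dispatch` stands in for the kernel's syscall
 * table, real_syscall for the kernel's own handlers, and the path is assumed to
 * be already resolved from the file handle. Folder, file and PIDs are constructed. */
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t NTSTATUS;
#define STATUS_SUCCESS       0x00000000u /* values as in ntstatus.h */
#define STATUS_ACCESS_DENIED 0xC0000022u
#define FILE_READ_DATA       0x0001u     /* access-mask bits as in the Windows SDK */
#define FILE_WRITE_DATA      0x0002u
#define FILE_APPEND_DATA     0x0004u
#define DELETE               0x00010000u
enum { FileRenameInformation = 10, FileDispositionInformation = 13 };

/* path = target file, pid = caller, access = DesiredAccess (NtCreateFile),
   info_class = FileInformationClass (NtSetInformationFile). */
typedef struct { const char *path; uint32_t pid; uint32_t access; int info_class; } SyscallArgs;
typedef NTSTATUS (*SyscallFn)(const SyscallArgs *);
enum { SYS_NtCreateFile, SYS_NtWriteFile, SYS_NtSetInformationFile, SYS_COUNT };

static NTSTATUS real_syscall(const SyscallArgs *a) { (void)a; return STATUS_SUCCESS; }
static SyscallFn dispatch[SYS_COUNT] = { real_syscall, real_syscall, real_syscall };
static SyscallFn original[SYS_COUNT];
static bool hooks_installed;

/* Policy: protected path prefixes and the processes allowed to modify them. */
static const char *protected_prefix[4]; static size_t n_protected;
static uint32_t    allowed_pid[4];      static size_t n_allowed;
static unsigned    blocked_calls;
void protect_path(const char *p) { if (n_protected < 4) protected_prefix[n_protected++] = p; }
void allow_process(uint32_t pid) { if (n_allowed < 4) allowed_pid[n_allowed++] = pid; }
unsigned blocked_count(void)     { return blocked_calls; }

/* NTFS paths are case-insensitive, so the prefix match is too. */
static bool is_protected(const char *path) {
    for (size_t i = 0; i < n_protected; i++) {
        const char *p = protected_prefix[i], *q = path;
        while (*p && *q && tolower((unsigned char)*p) == tolower((unsigned char)*q)) p++, q++;
        if (*p == '\0') return true;
    }
    return false;
}
static bool is_allowed(uint32_t pid) {
    for (size_t i = 0; i < n_allowed; i++) if (allowed_pid[i] == pid) return true;
    return false;
}
static NTSTATUS deny(const char *call, const SyscallArgs *a) {
    blocked_calls++;
    fprintf(stderr, "blocked %s from pid %u on %s\n", call, (unsigned)a->pid, a->path);
    return STATUS_ACCESS_DENIED;
}

/* Hooks: apply the policy, then fall through to the saved original handler. */
static NTSTATUS hook_NtCreateFile(const SyscallArgs *a) {
    /* Read-only opens pass; a write/delete open of a protected file by an unknown
       process is refused before any handle exists. */
    if ((a->access & (FILE_WRITE_DATA | FILE_APPEND_DATA | DELETE)) &&
        is_protected(a->path) && !is_allowed(a->pid)) return deny("NtCreateFile", a);
    return original[SYS_NtCreateFile](a);
}
static NTSTATUS hook_NtWriteFile(const SyscallArgs *a) {
    if (is_protected(a->path) && !is_allowed(a->pid)) return deny("NtWriteFile", a);
    return original[SYS_NtWriteFile](a);
}
static NTSTATUS hook_NtSetInformationFile(const SyscallArgs *a) {
    /* Rename and delete are how ransomware swaps in or removes the originals. */
    bool destructive = a->info_class == FileRenameInformation || a->info_class == FileDispositionInformation;
    if (destructive && is_protected(a->path) && !is_allowed(a->pid))
        return deny("NtSetInformationFile", a);
    return original[SYS_NtSetInformationFile](a);
}

void install_hooks(void) {
    if (hooks_installed) return;  /* never record a hook as the "original" */
    memcpy(original, dispatch, sizeof dispatch);
    dispatch[SYS_NtCreateFile]         = hook_NtCreateFile;
    dispatch[SYS_NtWriteFile]          = hook_NtWriteFile;
    dispatch[SYS_NtSetInformationFile] = hook_NtSetInformationFile;
    hooks_installed = true;
}
void remove_hooks(void) { if (hooks_installed) { memcpy(dispatch, original, sizeof dispatch); hooks_installed = false; } }

/* Stands in for the syscall instruction landing in the kernel dispatcher. */
NTSTATUS simulate(int nr, const char *path, uint32_t pid, uint32_t access, int info_class) {
    SyscallArgs a = { path, pid, access, info_class };
    return dispatch[nr](&a);
}
/* Demo policy: one protected folder, one trusted editor process (pid 4242). */
void setup_demo_policy(void) { protect_path("C:\\Users\\alice\\Documents\\"); allow_process(4242); install_hooks(); }

int main(void) {
    const char *doc = "C:\\Users\\alice\\Documents\\thesis.docx";
    setup_demo_policy();
    printf("ransomware write open 0x%08X, editor write 0x%08X, blocked %u\n",
           (unsigned)simulate(SYS_NtCreateFile, doc, 6666, FILE_WRITE_DATA, 0),
           (unsigned)simulate(SYS_NtWriteFile, doc, 4242, 0, 0), blocked_count());
    return 0;
}
```

Two points a practitioner should take from the model rather than from its code. First, the reason the interception has to live in the kernel is visible in `install_hooks`: a user-mode hook sits in memory the malware controls and can be unhooked or bypassed with a direct syscall, whereas a table the malware cannot write to cannot. On x64 Windows the syscall table itself is guarded by PatchGuard, so a production driver gets the same interception point through a file-system minifilter (pre-operation callbacks on IRP_MJ_CREATE, IRP_MJ_WRITE and IRP_MJ_SET_INFORMATION), with the policy logic unchanged; which route the paper's driver takes is not stated in the abstract. Second, the allowlist keyed on a PID is the weak part of any such policy: ransomware that injects into an allowed process inherits its rights, so a real driver should identify the caller by verified image path or signature rather than by process ID.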