guest ::
| Home > Conference materials > Papers > Defeating Ransomware By Hooking System Calls On Windows Os |
Original title:
Defeating Ransomware By Hooking System Calls On Windows Os
Authors: Touš, Filip
Document type: Papers
Language: cze
Publisher: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Abstract: This paper explains why ransomware needs to use the Windows API to encrypt files andhow this can be utilized to protect sensitive data from ransomware. Critical API functions are examinedon a low level and a generic method to monitor and possibly block their usage through systemcall hooks is presented. This approach is then demonstrated with a custom kernel mode driver whichcan keep protected files safe from any user mode malware. It is then compared to current ransomwareprotection in Windows 10.
Keywords: hooking; ransomware; system call; Windows API
Host item entry: Proceedings I of the 27st Conference STUDENT EEICT 2021: General papers, ISBN 978-80-214-5942-7
Institution: Brno University of Technology (web)
Document availability information: Fulltext is available in the Brno University of Technology Digital Library.
Original record: http://hdl.handle.net/11012/200756
Permalink: http://www.nusl.cz/ntk/nusl-447801
The record appears in these collections:
Universities and colleges > Public universities > Brno University of Technology
Conference materials > Papers
Authors: Touš, Filip
Document type: Papers
Language: cze
Publisher: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Abstract: This paper explains why ransomware needs to use the Windows API to encrypt files andhow this can be utilized to protect sensitive data from ransomware. Critical API functions are examinedon a low level and a generic method to monitor and possibly block their usage through systemcall hooks is presented. This approach is then demonstrated with a custom kernel mode driver whichcan keep protected files safe from any user mode malware. It is then compared to current ransomwareprotection in Windows 10.
Keywords: hooking; ransomware; system call; Windows API
Host item entry: Proceedings I of the 27st Conference STUDENT EEICT 2021: General papers, ISBN 978-80-214-5942-7
Institution: Brno University of Technology (web)
Document availability information: Fulltext is available in the Brno University of Technology Digital Library.
Original record: http://hdl.handle.net/11012/200756
Permalink: http://www.nusl.cz/ntk/nusl-447801
The record appears in these collections:
Universities and colleges > Public universities > Brno University of Technology
Conference materials > Papers
Record created 2021-07-25, last modified 2021-08-22