National Repository of Grey Literature 1 records found  Search took 0.00 seconds. 
Defeating Ransomware By Hooking System Calls On Windows Os
Touš, Filip
This paper explains why ransomware needs to use the Windows API to encrypt files andhow this can be utilized to protect sensitive data from ransomware. Critical API functions are examinedon a low level and a generic method to monitor and possibly block their usage through systemcall hooks is presented. This approach is then demonstrated with a custom kernel mode driver whichcan keep protected files safe from any user mode malware. It is then compared to current ransomwareprotection in Windows 10.

Interested in being notified about new results for this query?
Subscribe to the RSS feed.