"Crypto-ransomware" is malware that encrypts a user's private files and holds them hostage until a payment is made to the hacker. Over the past decade we have witnessed ransomware attack methods advance in technique and increase in profit. Earlier variants of this malware were more contained, less costly, and easier to detect. Over time, capabilities have progressed from just locking a victim's computer screen, to encrypting files, to encrypting the keys that decrypt the files, and so on.
We have proposed a machine learning approach for dynamically analysing and classifying ransomware. It monitors a set of actions performed by applications in their first phases of installation, checking for characteristic signs of ransomware. Our approach works without requiring that an entire ransomware family is available beforehand. A preliminary version of the paper can be found here: Daniele Sgandurra, Luis Muñoz-González, Rabih Mohsen, Emil C. Lupu. “Automated Analysis of Ransomware: Benefits, Limitations, and use for Detection.” arXiv:1609.03020, 2016.
The slides for the lecture I gave on ransomware for Lorenzo Cavallaro's course Malicious Software are available here.
The ransomware dataset we collected and analysed is available here; it includes 582 samples of ransomware and 942 good applications. More info on the dataset can be found here.