Skip to main content

Ransomware Deployment Methods and Analysis: Views from a Predictive Model and Human Responses

Hull, Gavin, John, Henna, Arief, Budi (2019) Ransomware Deployment Methods and Analysis: Views from a Predictive Model and Human Responses. Crime Science, 8 . Article Number 2. ISSN 2193-7680. (doi:10.1186/s40163-019-0097-9) (KAR id:71720)

PDF Publisher pdf
Language: English


Download this file
(PDF/1MB)
[thumbnail of Hull2019_Article_RansomwareDeploymentMethodsAnd.pdf]
Request a format suitable for use with assistive technology e.g. a screenreader
PDF (Questionnaire Template - Company) Supplemental Material
Language: English


Download this file
(PDF/149kB)
[thumbnail of Questionnaire Template - Company]
Preview
Request a format suitable for use with assistive technology e.g. a screenreader
PDF (Questionnaire Template - Students) Supplemental Material
Language: English


Download this file
(PDF/137kB)
[thumbnail of Questionnaire Template - Students]
Preview
Request a format suitable for use with assistive technology e.g. a screenreader
PDF (Questionnaire Template - University UK) Supplemental Material
Language: English


Download this file
(PDF/141kB)
[thumbnail of Questionnaire Template - University UK]
Preview
Request a format suitable for use with assistive technology e.g. a screenreader
PDF Author's Accepted Manuscript
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of Randep.pdf]
Official URL:
https://doi.org/10.1186/s40163-019-0097-9

Abstract

Ransomware incidents have increased dramatically in the past few years. The number of ransomware variants is also increasing, which means signature and heuristic-based detection techniques are becoming harder to achieve, due to the ever changing pattern of ransomware attack vectors. Therefore, in order to combat ransomware, we need a better understanding on how ransomware is being deployed, its characteristics, as well as how potential victims may react to ransomware incidents. This paper aims to address this challenge by carrying out an investigation on 18 families of ransomware, leading to a model for categorising ransomware behavioural characteristics, which can then be used to improve detection and handling of ransomware incidents. The categorisation was done in respect to the stages of ransomware deployment methods with a predictive model we developed called Randep. The stages are fingerprint, propagate, communicate, map, encrypt, lock, delete and threaten. Analysing the samples gathered for the predictive model provided an insight into the stages and timeline of ransomware execution. Furthermore, we carried out a study on how potential victims (individuals, as well as IT support staff at universities and SMEs) detect that ransomware was being deployed on their machine, what steps they took to investigate the incident, and how they responded to the attack. Both quantitative and qualitative data were collected through questionnaires and in-depth interviews. The results shed an interesting light into the most common attack methods, the most targeted operating systems and the infection symptoms, as well as recommended defence mechanisms. This information can be used in the future to create behavioural patterns for improved ransomware detection and response.

Item Type: Article
DOI/Identification number: 10.1186/s40163-019-0097-9
Projects: EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)
Uncontrolled keywords: ransomware; cybercrime; predictive model; classification; victim study
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: Organisations -1 not found.
Depositing User: Budi Arief
Date Deposited: 18 Jan 2019 17:24 UTC
Last Modified: 09 Jan 2024 15:31 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/71720 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.