Identifying Ransomware Behaviour for Early Detection and Prevention: A Pre-Encryption Analysis Approach to Halt Cyber Invasions
Abstract
Ransomware is a form of extortion in which digital documents are rendered inaccessible until a ransom is paid. Protecting against the growing number of ransomware attacks is seen as a difficult undertaking because it requires knowledge of newly discovered malware and of constantly developing families and variants. As a result, there is a need to investigate effective techniques for detecting and reducing ransomware attacks by analysing their behavioural patterns prior to encryption. Using pre-attack API calls, ransomware samples may be assigned to recognised malware families. Detection-evasion strategies include making a sequence of pre-attack API calls to fingerprint the environment and avoid execution in a virtual environment. Recognising these calls may be the first step in identifying and mitigating such risks. Furthermore, this finding may be used to tell ransomware apart from benign applications (goodware) before encryption, based on the APIs they call. This study also identified the APIs that may distinguish between ransomware and goodware. We found twelve APIs that are typically present in ransomware but less common in goodware, and fifteen APIs that were more prevalent in goodware than in ransomware.