While various ransomware defense systems have been proposed to deal with traditional randomly spread ransomware attacks (based on their unique, highly noisy behaviors at hosts and on networks), none of them considered ransomware attacks precisely aimed at specific hosts, e.g., using the common Remote Desktop Protocol (RDP). To address this problem, we propose a systematic method to fight such specifically targeted ransomware by trapping attackers via a network deception environment and then using traceback techniques to identify attack sources. In particular, we developed various monitors in the proposed deception environment to gather traceable clues about attackers, and we further designed an analysis system that automatically extracts and analyzes the collected clues. Our evaluations show that the proposed method can trap the adversary in the deception environment and significantly improve the efficiency of clue analysis. Furthermore, it also helps us trace back RDP-based ransomware attackers and ransomware makers in practical applications.