http://dx.doi.org/10.13089/JKIISC.2017.27.2.251

How to Detect and Block Ransomware with File Extension Management in MacOS  

Youn, Jung-moo (Chung-Nam National University)
Ryu, Jae-cheol (Chung-Nam National University)
Abstract
Most malware, including ransomware, is built for the Windows operating system, because an attack on an operating system with a high share does more harm. In recent years, however, MacOS's operating system share has steadily increased. As more and more people use it, the amount of malicious code running on the MacOS operating system is increasing. Ransomware has been known in Korea since 2015, and damage cases are gradually increasing. MacOS is no longer free from ransomware, as ransomware for MacOS was discovered in March 2016. To cope with future ransomware, this paper uses the file extensions that ransomware modifies to detect it. We studied how to detect and block ransomware processes by distinguishing between extensions changed by the user and extensions changed by a ransomware process.
Keywords
Ransomware; File extension; Detection; Block;
Citations & Related Records
Times Cited By KSCI: 1