A New Static-based Framework for Ransomware Detection

Recently, ransomware attacks are on the rise hitting critical infrastructures and organizations globally. Ransomware uses advanced encryption techniques to encrypt important files on the targeted computer, then it requests payment to decrypt the encrypted files again. Therefore, the detection and prevention of ransomware attacks represent major challenges for security researchers. This research proposes a novel static-based rules ransomware detection framework. The decision rules of the proposed framework are based on static features extracted from the ransomware files. When scanned file reached rules threshold, the framework evaluates triggered rules through logical operations to assign a score for each file. Every score represents a confidence level whether this file is ransomware or not from critical to low. The proposed framework has proven that it can detect new families based on rules and logical operations with high accuracy and detection ratio.