Explore a comprehensive conference talk on UNVEIL, an innovative automated system for detecting ransomware. Learn about the resurgence of ransomware attacks, including high-profile incidents like the Sony breach. Discover how UNVEIL operates by creating artificial user environments and monitoring file and desktop interactions to identify ransomware behavior. Examine the system's effectiveness in detecting previously unknown and evasive ransomware strains. Gain insights into different ransomware classes, evaluation methodologies, and the tool's performance against various data sources. Understand the significance of UNVEIL in advancing ransomware detection capabilities and its potential impact on cybersecurity efforts.
UNVEIL - A Large-Scale, Automated Approach to Detecting Ransomware
Overview
Syllabus
Introduction
What is ransomware
Typical ransom node
Recent resurgence of ransomware
Recent attack on hospitals
Canada
Massachusetts
Three Approaches
Thread Model
Tools and Techniques
Our Approach
Two Classes of Ransomware
Generated Content
Ransomware Families
Encryption
Similarity Score
Test System
Data Source
False Negative Cases
Unknown Data Set
Pollution Ratio
Summary
Silent Crypt
VirusTotal
Google Results
Conclusion
Question Answer
Taught by
USENIX
