TaeGuen Kim
Department of Information Security, Soonchunhyang University
tg.kim@sch.ac.kr 0000-0002-6586-2037
ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Deception-based Method for Ransomware Detection
Ransomware is a rapidly growing malware threat that encrypts a user's files and demands a ransom for the decryption key. It has caused significant financial harm worldwide and is difficult to detect, especially when it is new, unknown zero-day ransomware. Most commercial antivirus software relies on signature-based detection, which can be slow and inadequate for swiftly identifying suspicious programs. To tackle these challenges, this paper presents a ransomware protection method utilizing decoy files. Our deception-based protection method enhances ransomware detection with a fair decoy deployment strategy. It detects ransomware more robustly than existing deception-based methods. Furthermore, it can effectively address ransomware that employs random-access attacks to bypass deception-based detection techniques. In the evaluation, we provide a comprehensive analysis of our experimental results to demonstrate the efficacy of our proposed method. Specifically, we introduce a random-access attack scenario that could potentially circumvent deception-based protection mechanisms, and we assess the resilience of our method against such random-access attacks.