Abstract

Ransomware attacks are constantly changing, and the damage they cause has increased. Detection and recovery researches and technologies that respond to variants of ransomware to prevent damage have high safety standards and sacrifices have to be made for the effective application of system re-sources. To overcome such problems,We proposed the determination of entropy using a measurement of the changes in voltages of capacitor microcurrent for distinguishing of the abnormal data accordingly. We hypothesized that both the unencrypted file and the encrypted file will affect voltage change that occur with the data from the I/O channels of the storage. The hypothesis was tested through an experiment that was conducted by implementing the storage and a capacitor circuit on a software level. Experimental results showed that the electrical properties could be detected by the capacitor, and the abnormal data could be detected by entropy calculations in the I/O channels of the storage.