A framework for supporting ransomware detection and prevention based on hybrid analysis

Ransomware is a very effective form of malware, which recently raised a lot of attention since an impressive number of workstations was affected. This malware is able to encrypt the files located in the infected machine and block the access to them. The attackers will restore the machine and files only after the payment of a certain amount of money, usually given in bitcoins. In this paper we discuss an hybrid framework, combining static and dynamic analysis, exploiting APIs to prevent and mitigate ransomware threats. The evaluation, considering 1000 legitimate and ransomware applications, demonstrates that the hybrid API calls-based detection can be proved to be a promising direction in ransomware prevention and mitigation.