Ransomware has become a profitable new form of attack. This type of malware is a form of extortion: it encrypts the files on a victim's computer and forces the victim to pay a ransom to have the data recovered. Even companies and tech-savvy people must devote extensive resources to maintaining backups for recovery or else lose valuable data, to say nothing of average users. Unfortunately, no recovery tool can effectively defend against the various types of ransomware. To address this challenge, we propose a novel ransomware defense mechanism that can be easily deployed on modern Windows systems to recover the data and mitigate a ransomware attack. The uniqueness of our approach is to fight the virus like a virus. We leverage Alternative Data Streams, which are sometimes used by malicious applications, to develop a data protection method that misleads the ransomware into attacking only file 'shells' instead of the actual file content. We evaluated different file-encrypting ransomware and demonstrate the usability, efficiency and effectiveness of our approach.
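The separation the abstract relies on can be seen with built-in PowerShell on an NTFS volume. The following is an added illustration, not the authors' tool or code: the folder, file name, stream name `protected` and contents are all constructed, and it covers only an in-place overwrite of the visible file.

```powershell
# Added example: constructed names and contents; requires Windows and an NTFS volume.
$dir  = Join-Path $env:TEMP 'ads-demo'            # hypothetical working folder
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'report.txt'               # hypothetical file name

# Unnamed (default) stream: the "shell" that ordinary file I/O reads and writes.
Set-Content -Path $file -Value 'placeholder shell'

# Named stream: the real content, kept under a hypothetical stream name.
$real = 'quarterly figures: constructed sample content'
Set-Content -Path $file -Stream 'protected' -Value $real

# Defender's view: enumerate every stream on the file with its length.
Get-Item -Path $file -Stream * | Select-Object Stream, Length

# Stand-in for a process rewriting the visible file in place:
# open the existing default stream and overwrite its leading bytes.
$fs = [System.IO.File]::Open($file, [System.IO.FileMode]::Open,
                             [System.IO.FileAccess]::Write)
try {
    $junk = [byte[]](1..16)
    $fs.Write($junk, 0, $junk.Length)
} finally {
    $fs.Dispose()
}

# The named stream is a separate data attribute of the same file,
# so its bytes are not touched by writes to the default stream.
$recovered = Get-Content -Path $file -Stream 'protected' -Raw
if ($recovered.TrimEnd() -eq $real) { 'named stream intact' }
else                                { 'named stream changed' }

# Clean up the constructed files.
Remove-Item -Path $dir -Recurse -Force
```

Named streams do not survive deletion of the file or a copy to a non-NTFS volume, so this shows only the stream separation itself, not a complete protection scheme.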