Connection-monitor & connection-breaker: A novel approach for prevention and detection of high survivable ransomwares

Ransomwares have become a growing threat in recent years, and this situation continues to worsen. It rose awareness on a particular class of malwares which extort a ransom in exchange for a captive asset. Most widespread ransomwares make an intensive use of data encryption. Basically, they encrypt various files on victim´s hard drives, removable drives and mapped network shares before asking for a ransom to get the files decrypted. In this paper, at first we propose a comprehensive ransomware taxonomy. Then, based on this taxonomy and according to a principal feature which we discovered in high survivable ransomwares (HSR) in the key exchange protocol step, we present a novel approach for detecting high survivable ransomwares and preventing them from encrypting victim´s data. Experimental evaluation demonstrates that our framework can detect variants of recent dangerous ransomwares.