In-Depth Analysis of Ransom Note Files

Yassine Lemmou; Jean-Louis Lanet; El Mamoun Souidi

doi:10.3390/computers10110145

Computers (Nov 2021)

In-Depth Analysis of Ransom Note Files

Yassine Lemmou,
Jean-Louis Lanet,
El Mamoun Souidi

Affiliations

Yassine Lemmou: Faculty of Sciences, Mohammed V University in Rabat, LabMIASI, BP 1014 RP, Rabat 10000, Morocco
Jean-Louis Lanet: INRIA, LHS-PEC, 35042 Rennes, France
El Mamoun Souidi: Faculty of Sciences, Mohammed V University in Rabat, LabMIASI, BP 1014 RP, Rabat 10000, Morocco

DOI: https://doi.org/10.3390/computers10110145
Journal volume & issue: Vol. 10, no. 11
p. 145

Abstract

Read online

During recent years, many papers have been published on ransomware, but to the best of our knowledge, no previous academic studies have been conducted on ransom note files. In this paper, we present the results of a depth study on filenames and the content of ransom files. We propose a prototype to identify the ransom files. Then we explore how the filenames and the content of these files can minimize the risk of ransomware encryption of some specified ransomware or increase the effectiveness of some ransomware detection tools. To achieve these objectives, two approaches are discussed in this paper. The first uses Latent Semantic Analysis (LSA) to check similarities between the contents of files. The second uses some Machine Learning models to classify the filenames into two classes—ransom filenames and benign filenames.

Published in Computers

ISSN: 2073-431X (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.mdpi.com/journal/computers

About the journal

Abstract

Keywords