An Empirical Study of API Calls in Ransomware

Title: An Empirical Study of API Calls in Ransomware
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Bajpai, Pranshu; Enbody, Richard
Conference Name: 2020 IEEE International Conference on Electro Information Technology (EIT)
Keywords: composability, Encryption, Metrics, Microsoft Windows, Organizations, pubcrawl, public key cryptography, ransomware, Resiliency
Abstract: Modern cryptographic ransomware poses a severe threat to the security of individuals and organizations. Targeted ransomware attacks exhibit refinement in attack vectors owing to the manual reconnaissance performed by the perpetrators for infiltration. The result is an impenetrable lock on multiple hosts within the organization, which allows the cybercriminals to demand hefty ransoms. Reliance on prevention strategies is not sufficient, and a firm comprehension of implementation details is necessary to develop effective solutions that can thwart ransomware after preventative strategies have failed. Ransomware depends heavily on the abstraction offered by Windows APIs. This paper provides a detailed review of the common API calls in ransomware. We propose four classes of API calls that can be used for profiling and for generating effective API call relationships useful in automated detection. Finally, we present counts and visualizations pertaining to API call extraction from real-world ransomware, which demonstrate that even advanced variants from different families carry similarities in implementation.
DOI: 10.1109/EIT48999.2020.9208284
Citation Key: bajpai_empirical_2020-1