RPM: Ransomware Prevention and Mitigation Using Operating Systems' Sensing Tactics.

Ricardo Misael Ayala Molina, Elias Bou-Harb, Sadegh Torabi, Chadi Assi

ICC (2023)

Abstract
Ransomware, an extortion type of malware, continues to create havoc targeting critical infrastructure and organizations at large, causing an estimated $20 billion in direct and collateral damages in 2022. While significant efforts from both academia and industry are being pledged to address this debilitating and disruptive phenomenon, the ransomware pandemic continues to expand rapidly in frequency, spread and stealthiness. To this end, in this work, we propose RPM, a Ransomware Prevention and Mitigation scheme. RPM is rooted in the proactive analysis of operating systems' API artifacts through the exploitation of a neat observation related to ransomware behavior, namely, the activities generated prior to the actual execution of the malicious payloads. RPM employs OS-centric process hooking tactics to develop an offensive approach leveraging such sensing activities. To demonstrate the effectiveness of RPM, we empirically evaluated it using 100 of the most prominent ransomware samples. The results demonstrate very motivating accuracy metrics with a low system footprint, asserting the rationale of the proposed scheme. We position RPM as a strong step towards proactive mitigation, which aims at complementing ongoing ransomware thwarting efforts.
Keywords
Ransomware, Operating systems, Host-based, Cyber Forensics