CR · Aug 24, 2016

Using Software-Defined Networking for Ransomware Mitigation: the Case of CryptoWall

arXiv:1608.06673v1 · 140 citations
Originality: Incremental advance
AI Analysis

This paper addresses the threat that ransomware poses to Internet users, offering an incremental improvement in mitigation techniques.

The paper tackled the problem of ransomware, specifically CryptoWall, by proposing two real-time mitigation methods using Software-Defined Networking (SDN) to enable timely reactions without significantly affecting network performance, with experimental results confirming feasibility and efficiency.

Currently, different forms of ransomware are increasingly threatening Internet users. Modern ransomware encrypts important user data and it is only possible to recover it once a ransom has been paid. In this paper we show how Software-Defined Networking (SDN) can be utilized to improve ransomware mitigation. In more detail, we analyze the behavior of popular ransomware - CryptoWall - and, based on this knowledge, we propose two real-time mitigation methods. Then we designed the SDN-based system, implemented using OpenFlow, which facilitates a timely reaction to this threat, and is a crucial factor in the case of crypto ransomware. What is important is that such a design does not significantly affect overall network performance. Experimental results confirm that the proposed approach is feasible and efficient.
