Anti-Ransomware (ARW) Project
About ARW
Complex file events were first proposed by Etamar Laron (CEO, Asparna) in US Patent 9418070B2 as part of a novel system for file monitoring and revision control. File lifecycle analysis takes complex events further, adding intelligent tools to identify when files change.
We used the foundations of both theories to develop a ransomware monitoring tool the detects when file locker attack tools encrypt files surreptitiously. The tool detects the changes in the file’s contents and automatically reverts them to their original form after the attack is finished.
We published a paper on ARW in a top computer security conferece:
- Michael J. May and Etamar Laron. Combatting Ransomware Using Content Analysis and Complex File Events. IFIP International Conference on New Technologies, Mobility, and Security, 2019. [doi]
People
Michael J. May, Primary Investigator
Adi Golan and Ben Alfassy Student Investigators
Materials: Online supplement
Our paper on ARW appeared in NTMS 2019. Due to space restrictions, we were unable to include events traces in the paper. The following traces support the paper’s contents.