Ioannis Stamatelos, "Honeytokens for the fight against ransomware", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2024
https://doi.org/10.26233/heallink.tuc.101255
Ransomware is a type of malware that has emerged as one of the most pervasive and damaging cyber threats in recent years, causing significant financial losses and data breaches across various sectors unless a ransom is paid. As detection methods are constantly improved to detect and mitigate ransomware, ransomware itself becomes equally better at avoiding detection mechanisms. The thesis begins by analyzing the current state of cyberthreats and then focuses on ransomware, as it is one of the most popular ones. It continues with the evolution of ransomware from its early origins to its contemporary, sophisticated forms, highlighting key milestones and shifts in attack techniques. A deep dive into the ransomware lifecycle provides insights into how these malicious programs propagate, encrypt data, and demand ransoms, shedding light on their operational dynamics. The classification section categorizes ransomware variants based on their characteristics, propagation mechanisms, and encryption techniques. This taxonomy aids in understanding the diverse landscape of ransomware. Finally, a method for ransomware detection using HoneyTokens is implemented. HoneyTokens are strategically placed decoy files designed to attract ransomware attackers, providing a proactive defense mechanism. The study offers a comprehensive analysis of the implementation and effectiveness of this approach in identifying and mitigating ransomware threats.