Author:
Wang Senmiao,Qin Sujuan,He Nengqiang,Tu Tengfei,Hou Junjie,Zhang Hua,Shi Yijie
Abstract
Ransomwares on Android have become a challenging threat, performing tasks such as hijacking screen resources, locking devices, and encrypting files. Even worse, with the evolution of ransomwares, many ransomwares can disable USB interfaces of mobile devices. It is difficult for users to recover their devices or decrypt files with the help of other equipment and gives monetary damages to victims. In this paper, we analyse the symmetry between the ransom behaviours and the source code of screen resource hijacked ransomwares, devices locked ransomwares and files encrypted ransomwares. We also propose strategies of recovering hijacked resources, recovering hijacked devices and decrypting encrypted files. To protect mobile devices and private files from ransomwares, we design and implement an automatic recovery application—KRRecover—which is used to recover the hijacked devices and decrypt encrypted files on Android.
Funder
National Key R&D Program of China
Subject
Physics and Astronomy (miscellaneous),General Mathematics,Chemistry (miscellaneous),Computer Science (miscellaneous)
Reference26 articles.
1. Datto’s Global State of the Channel Ransomware Report. [Online]https://www.datto.com/resources/dattos-global-state-of-the-channel-ransomware-report
2. https://www.coveware.com/blog/q2-2020-ransomware-marketplace-report
3. McAfee Labs Threats Reporthttps://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2019.pdf
4. RootGuard: Protecting Rooted Android Phones
5. Artdroid: A Virtual-Method Hooking Framework on Android Art Runtimehttp://ceur-ws.org/Vol-1575/paper_10.pdf
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献