A Double-Shell Structured Ransomware Defense Method Tailored for the RaaS Model

A Double-Shell Structured Ransomware Defense Method Tailored for the RaaS Model

연구 분야: Verification

학회: International Conference on Cyberspace Simulation and Evaluation

Ransomware attacks have become a significant cybersecurity threat, with the Ransomware as a Service (RaaS) paradigm enabling attackers with limited technical expertise to launch sophisticated campaigns. There is currently a lack of systematic research specifically targeting RaaS-type ransomware. This paper analyzes the operational mechanisms of RaaS ransomware, including its industry chain, attack processes, and technical characteristics. We propose a formalized RaaS attack model, providing a clear understanding of its operational methods. To address the limitations of existing defense methods, we introduce an innovative double-shell structured defense model. Utilizing Hook technology and a token verification mechanism, it effectively prevents ransomware from encrypting user data. We demonstrate the effectiveness of this model through experimental validation with a document protection program named RansomShield, achieving a 100% success rate in defending against real ransomware attacks.