Fight Malware Like Malware: A New Defense Method Against Crypto Ransomware

Ransomware attacks have become widespread in the last few years and have affected many critical industries and infrastructures. Unfortunately, there are no recovery tools that can effectively defend against all types of ransomware. Approaches, such as frequent data backups, have several drawbacks. They are expensive in terms of resources and trained technical staff. Therefore, it is much more challenging and cost-consuming for average users and small business owners to survive ransomware attacks. To provide an easy-to-use tool for a broader population of users and businesses, we propose a novel ransomware defense mechanism that can be conveniently deployed in modern Windows systems which have over 76% market share as of 2022. The uniqueness of our approach is to fight malware like malware. We leverage Alternate Data Streams, which are sometimes used by malicious applications, to design and implement a data protection method that misleads the ransomware into attacking only file “shells” instead of the actual file content. We have evaluated our approach against different cryptographic ransomware. The results show that our approach is usable, efficient, and effective.