Differential Area Analysis for Ransomware: Attacks, Countermeasures, and Limitations. (arXiv:2303.17351v1 [cs.CR])

Crypto-ransomware attacks have been a growing threat over the last few years.
The goal of every ransomware strain is encrypting user data, such that
attackers can later demand users a ransom for unlocking their data. To maximise
their earning chances, attackers equip their ransomware with strong encryption
which produce files with high entropy values. Davies et al. proposed
Differential Area Analysis (DAA), a technique that analyses files headers to
differentiate compressed, regularly encrypted, and ransomware-encrypted files.
In this paper, first …

analysis area attackers attacks countermeasures crypto daa data demand earning encrypted encryption entropy files header headers high malicious ransom ransomware ransomware attacks threat user data