Inspiration
Our inspiration for developing this new anti-malware system comes from the ongoing ransomware attacks on computers, as well as the widespread issues caused by malware. Additionally, we found that current antivirus software often requires significant system resources, which can be challenging for users with older PCs. To address these issues, we have created an anti-malware solution designed to be lightweight and less demanding on system specifications.
What it does
- Virtual Environment: Creates a secure environment for file downloads.
- File Safety: Checks file origin, decrypts, and scans for malware.
- Machine Learning: Classifies files and detects threats.
- User Reports: Provides detailed reports and allows user selection of safe programs.
- Traffic Monitoring: Analyzes traffic for suspicious activity and alerts users.
- Log Management: Regularly backs up logs and provides access to file and folder checks.
How we built it
This project first creates a virtual environment and redirects browser downloads to this environment, which acts as a simplified quarantine box. We follow several steps to determine if a file is malicious:
- Download Location Check: We verify where the file is downloaded from. If it’s from the web, we check the site’s originality.
- File Handling: New files are moved to the quarantine box. Once this step is complete, the file is decrypted or decompressed into a readable format.
- Malware Detection: We check for ransomware signatures.
- Machine Learning Classification: A trained machine learning algorithm classifies the file. This includes scanning .exe files.
- User Interaction: A report is generated for the user. The user selects the programs they want to install, and then the selected files are moved to the PC.
- Traffic Analysis: The software monitors for suspicious app or software activity. If any anomalies are detected, it scans the file and automatically emails the user about the application.
- Log Backup: Every month, backups of logs are sent to the user. Users can also check files and folders using machine learning.
All these functions can be accessed via a web interface or an app.
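An added sketch of the quarantine, unpack and signature-check steps listed above; it is not the project's own code. The function names, the byte-pattern signatures and the size limits are assumptions constructed for illustration, and the origin check, YARA rules and ML classifier are left out.

```python
import gzip, hashlib, io, shutil, zipfile, zlib
from pathlib import Path

# Constructed placeholder signatures, not real malware indicators.
SIGNATURES = {
    "Demo.RansomNote": b"YOUR FILES HAVE BEEN ENCRYPTED",
    "Demo.Marker": b"DEMO-SIGNATURE-0001",
}
MAX_UNPACKED = 10 * 1024 * 1024  # total decompressed bytes allowed per download
MAX_DEPTH = 3                    # nested archive levels to follow

def read_capped(stream, budget):
    """Read a decompressed stream, failing once the shared budget is spent."""
    chunk = stream.read(budget[0] + 1)
    budget[0] -= len(chunk)
    if budget[0] < 0:
        raise ValueError("decompression budget exceeded")
    return chunk

def unpack(name, data, budget, depth=0):
    """Yield (member name, bytes) for a file and everything packed inside it."""
    yield name, data
    if depth >= MAX_DEPTH:
        return
    if data[:2] == b"\x1f\x8b":                  # gzip magic bytes
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            child = read_capped(gz, budget)
        yield from unpack(name + "!gz", child, budget, depth + 1)
    elif data[:4] == b"PK\x03\x04":              # zip local file header
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    with zf.open(info) as member:
                        child = read_capped(member, budget)
                    yield from unpack(f"{name}!{info.filename}", child, budget, depth + 1)

def triage(download: Path, quarantine: Path) -> dict:
    """Move a download into quarantine, scan it unpacked in memory, return a report."""
    quarantine.mkdir(parents=True, exist_ok=True)
    held = Path(shutil.move(str(download), str(quarantine / download.name)))
    held.chmod(0o400)                            # read-only, never executable
    data = held.read_bytes()
    report = {"file": held.name, "sha256": hashlib.sha256(data).hexdigest(), "hits": []}
    try:
        for member, blob in unpack(held.name, data, [MAX_UNPACKED]):
            report["hits"] += [(member, sig) for sig, pat in SIGNATURES.items() if pat in blob]
        report["verdict"] = "blocked" if report["hits"] else "needs user review"
    except (ValueError, OSError, EOFError, RuntimeError, zipfile.BadZipFile, zlib.error) as exc:
        report["verdict"] = f"blocked: could not unpack ({exc})"
    return report
```

Anything that cannot be unpacked within the budget (oversized, corrupt or password-protected archives) is reported as blocked rather than passed to the user as unscanned.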
Challenges we ran into
When we started this project, our knowledge was limited to Python, Linux, and HTML/CSS. As we progressed, we gradually learned additional technologies and built the project from the ground up.
Initially, collecting signatures and YARA rules was straightforward. However, finding a dataset that matched all types of malware proved challenging. We struggled with dataset synchronization and faced multiple failures over the first ten days. After persistent effort, we eventually succeeded.
Subsequently, our academic commitments led to a delay, but we continued by developing email and cloud functionalities. We created different components, including a GUI and a web interface. Balancing both was difficult, and setting up the web interface to run on localhost for testing was particularly challenging. This setup allowed us to access the project from multiple PCs on the network, reducing resource consumption by using a single host.
In the end, we managed to complete the project successfully.
Accomplishments that we're proud of
After completing the project, we participated in several project presentations but did not win any prizes. We then entered another hackathon at Nandha Engineering College, where we tackled a similar problem. We won first prize in that event, which lasted 24 hours, and received widespread appreciation for our work.
Currently, we are registered for the Malware Analysis Hackathon 24 organized by IIT Madras.
What we learned
Technology Integration: We gained hands-on experience integrating various technologies, including machine learning, web development, and cloud services. This experience taught us how to combine different tech stacks effectively.
Problem Solving: We learned to approach and solve complex problems, such as dataset synchronization and creating lightweight security solutions. This involved persistent troubleshooting and creative problem-solving.
Project Management: Managing this project required balancing academic commitments with development tasks. We learned valuable lessons in time management, resource allocation, and prioritizing tasks under tight deadlines.
Collaboration: Working as a team, we developed skills in collaboration and communication. Coordinating roles and responsibilities, and providing constructive feedback were essential to our success.
User-Centric Design: We realized the importance of designing with the end-user in mind. Ensuring that the software was not only functional but also user-friendly helped us create a more effective solution.
Adaptability: The project required us to adapt quickly to new tools and technologies. We learned to be flexible and continuously update our knowledge base to meet the project’s evolving needs.
Presentation Skills: Through participating in hackathons and presentations, we honed our ability to clearly and effectively communicate our work to diverse audiences.
What's next for Ransomware Assessment Tool
In the future, we aim to enhance our framework to not only improve its overall efficiency but also to develop it into a robust tool for data recovery during ransomware attacks. We plan to incorporate advanced recovery mechanisms to ensure that critical data can be retrieved even under severe threats. Additionally, we envision transforming our solution into a deployable agent that can be integrated across entire networks, making it scalable for use in large enterprises. This will enable comprehensive protection and streamlined management for major companies facing sophisticated cyber threats.