Mitigation of Ransomware

Ransomware is terrorizing the Internet, running rampant in consumer, business, and government systems. So far, ransomware-specific defenses have had minimal impact or success. We propose a new technology called RAM Journaling, a selective recording of RAM over time. The primary purpose of the journal is the recovery of locked data. Specifically, the journal is searched for the symmetric cryptographic keys that were used to encrypt the data. But the RAM Journal will also be used to attempt to identify ransomware before it activates or while it is activating. Existing ransomware detection mechanism, including machine learning, can be applied to the data in the Journal. Instead of only seeing memory as it is at a given point in time, the detection algorithms can examine activity over time. At the same time, the RAM journal also provides significant forensic benefit should ransomware be successful at compromising the system.