You are here

Mitigation of Ransomware

Award Information
Agency: Department of Defense
Branch: Army
Contract: W911NF-19-P-0015
Agency Tracking Number: A18B-010-0252
Amount: $149,262.75
Phase: Phase I
Program: STTR
Solicitation Topic Code: A18B-T010
Solicitation Number: 18.B
Timeline
Solicitation Year: 2018
Award Year: 2019
Award Start Date (Proposal Award Date): 2018-12-20
Award End Date (Contract End Date): 2019-06-20
Small Business Information
12210 WOODELVES DR
OWINGS MILLS, MD 21117
United States
DUNS: 052975079
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Seth James Nielson
 President
 (410) 840-7632
 seth@crimsonvista.com
Business Contact
 Seth Nielson
Phone: (410) 840-7632
Email: seth@crimsonvista.com
Research Institution
 Johns Hopkins University
 Anton Dahbura Anton Dahbura
 
3400 N. Charles Street
Baltimore, MD 21218
United States

 (410) 516-0211
 Nonprofit College or University
Abstract

Ransomware is terrorizing the Internet, running rampant in consumer, business, and government systems. So far, ransomware-specific defenses have had minimal impact or success. We propose a new technology called RAM Journaling, a selective recording of RAM over time. The primary purpose of the journal is the recovery of locked data. Specifically, the journal is searched for the symmetric cryptographic keys that were used to encrypt the data. But the RAM Journal will also be used to attempt to identify ransomware before it activates or while it is activating. Existing ransomware detection mechanism, including machine learning, can be applied to the data in the Journal. Instead of only seeing memory as it is at a given point in time, the detection algorithms can examine activity over time. At the same time, the RAM journal also provides significant forensic benefit should ransomware be successful at compromising the system.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government