{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,28]],"date-time":"2025-10-28T18:37:29Z","timestamp":1761676649707,"version":"3.37.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319926230"},{"type":"electronic","value":"9783319926247"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-92624-7_14","type":"book-chapter","created":{"date-parts":[[2018,9,4]],"date-time":"2018-09-04T06:46:11Z","timestamp":1536043571000},"page":"317-335","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Identifying File Interaction Patterns in Ransomware Behaviour"],"prefix":"10.1007","author":[{"given":"Liam","family":"Grant","sequence":"first","affiliation":[]},{"given":"Simon","family":"Parkinson","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,5]]},"reference":[{"key":"14_CR1","unstructured":"Moir, R (2003) Defining malware: FAQ. https:\/\/technet.microsoft.com\/en-us\/library\/dd632948.aspx"},{"key":"14_CR2","doi-asserted-by":"crossref","unstructured":"Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the gordian knot: a look under the hood of ransomware attacks. In: International conference on detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, pp 3\u201324","DOI":"10.1007\/978-3-319-20550-2_1"},{"issue":"1","key":"14_CR3","first-page":"10","volume":"13","author":"R Richardson","year":"2017","unstructured":"Richardson, R., North, M.: Ransomware: evolution, mitigation and prevention. Int Manag Rev 13(1), 10 (2017)","journal-title":"Int Manag Rev"},{"key":"14_CR4","unstructured":"Brenner, B (2017) InfoSec 2017: a look at the family album of ransomware. https:\/\/nakedsecurity.sophos.com\/2017\/06\/06\/infosec-2017-a-look-at-the-family-album-of-ransomware\/"},{"key":"14_CR5","unstructured":"Beek, C (2017) McAfee Labs 2017 Threats Predictions. www.mcafee.com\/uk\/resources\/reports\/rp-threats-predictions-2017.pdf"},{"key":"14_CR6","unstructured":"MalwareBytes: cybercrime tactics and techniques (2017). https:\/\/www.malwarebytes.com\/pdf\/labs\/Cybercrime-Tactics-and-Techniques-Q1-2017.pdf"},{"key":"14_CR7","unstructured":"Symantec: internet security threat report (2017). https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/reports\/istr-22-2017-en.pdf"},{"key":"14_CR8","unstructured":"FBI IC3: internet crime report (2016). https:\/\/pdf.ic3.gov\/2016_IC3Report.pdf"},{"key":"14_CR9","unstructured":"US Department of Justice: How to protect your networks from ransomware. Technical report (2016). https:\/\/www.justice.gov\/criminal-ccips\/file\/872771\/download"},{"key":"14_CR10","volume-title":"The evolution of ransomware","author":"K Savage","year":"2015","unstructured":"Savage, K., Coogan, P., Lau, H.: The evolution of ransomware. Symantec, Mountain View (2015)"},{"key":"14_CR11","doi-asserted-by":"crossref","unstructured":"Upadhyaya R, Jain A (2016) Cyber ethics and cyber crime: A deep dwelved study into legality, ransomware, underground web and bitcoin wallet. In: International conference on computing, communication and automation (ICCCA). IEEE, pp 143\u2013148","DOI":"10.1109\/CCAA.2016.7813706"},{"key":"14_CR12","unstructured":"Fischer, T (2014) Private and public key cryptography and ransomware. Technical report"},{"key":"14_CR13","unstructured":"Trend Micro: Command-and-control (C&C) server (2017). https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/command-and-control-(c-c)-serve"},{"key":"14_CR14","unstructured":"Sophos: Ransomware: How an attack works (2016). https:\/\/community.sophos.com\/kb\/en-us\/124699"},{"key":"14_CR15","unstructured":"Beek C, Frosst D, Greve P, Gund Y, Moreno F, Peterson E, Schmugar C, Simon R, Sommer D, Sun B, et al. (2017) Mcafee labs threats report [internet]. McAfee Lab (April 2017). https:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threats-mar-2017,pdf , p 49"},{"key":"14_CR16","unstructured":"Symantec: ISTR ransomware (2017). https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/white-papers\/istr-ransomware-2017-en.pdf"},{"key":"14_CR17","doi-asserted-by":"crossref","unstructured":"Liao K, Zhao Z, Doup\u00e9 A, Ahn G-J (2016) Behind closed doors: measurement and analysis of cryptolocker ransoms in bitcoin. In: APWG symposium on electronic crime research (eCrime). IEEE, pp 1\u201313","DOI":"10.1109\/ECRIME.2016.7487938"},{"key":"14_CR18","unstructured":"Panda Security: cryptolocker: what is and how to avoid it. Panda Security (2015). https:\/\/www.pandasecurity.com\/mediacenter\/malware\/cryptolocker\/"},{"key":"14_CR19","unstructured":"McGoogan C, Titcomb J, Krol C (2017) What is WannaCry and how does ransomware work?. http:\/\/www.telegraph.co.uk\/technology\/0\/ransomware-does-work\/"},{"key":"14_CR20","unstructured":"Symantec threat intelligence: what you need to know about the Wannacry ransomware (2017). https:\/\/www.symantec.com\/blogs\/threat-intelligence\/wannacry-ransomware-attack"},{"key":"14_CR21","unstructured":"Joven, R, Yick Low, C (2017) MacRansom: offered as ransomware as a servive. https:\/\/blog.fortinet.com\/2017\/06\/09\/macransom-offered-as-ransomware-as-a-service"},{"key":"14_CR22","unstructured":"Barkly: Ransomware-as-a-service is booming (2017). https:\/\/blog.barkly.com\/how-ransomware-as-a-service-works"},{"key":"14_CR23","unstructured":"Conner, B (2017) Ransomware-As-A-Service: the next great cyber threat?. https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2017\/03\/17\/ransomware-as-a-service-the-next-great-cyber-threat\/#648c45d34123"},{"key":"14_CR24","unstructured":"Europol: no more ransom: law enforcement and IT security companies join forces to fight ransomware (2016). https:\/\/www.europol.europa.eu\/newsroom\/news\/no-more-ransom-law-enforcement-and-it-security-companies-join-forces-to-fight-ransomware"},{"key":"14_CR25","unstructured":"No more ransom: about the project (2016). https:\/\/www.nomoreransom.org\/en\/about-the-project.html"},{"key":"14_CR26","unstructured":"Osbourne, C. (2017) No more ransom project helps thousands of ransomware victims. http:\/\/www.zdnet.com\/article\/no-more-ransom-project-unlocks-over-28000-devices\/"},{"key":"14_CR27","unstructured":"KasperSky: no more ransom: a very productive year (2017). https:\/\/www.kaspersky.com\/blog\/no-more-ransom-first-anniversary\/17791\/"},{"key":"14_CR28","unstructured":"Cloonan, J (2017) Advanced malware detection - signatures versus behavior analysis (2017). https:\/\/www.infosecurity-magazine.com\/opinions\/malware-detection-signatures\/"},{"key":"14_CR29","unstructured":"Nieuwenhuizen D (2017) A behavioural-based approach to ransomware detection. Retrieved from https:\/\/labs.mwrinfosecurity.com\/assets\/resourceFiles\/mwri-behavioural-ransomware -detection-2017-04-5.pdf"},{"key":"14_CR30","unstructured":"Ask, K (2006) Automatic malware signature generation. 2006-10-16]. http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download"},{"key":"14_CR31","unstructured":"Hanel, A (2011) An intro to creating anti-virus signatures. http:\/\/hooked-on-mnemonics.blogspot.co.uk\/2011\/01\/intro-to-creating-anti-virus-signatures.html"},{"key":"14_CR32","doi-asserted-by":"crossref","unstructured":"Shosha, AF, Liu, C-C, Gladyshev, P, Matten, M (2012) Evasion-resistant malware signature based on profiling kernel data structure objects. In: 7th international conference on Risk and security of internet and systems (CRiSIS), IEEE, pp 1\u20138","DOI":"10.1109\/CRISIS.2012.6378949"},{"key":"14_CR33","unstructured":"Kaspersky: Heuristic analysis in Kaspersky Anti-Virus 2012 (2012). https:\/\/support.kaspersky.co.uk\/6668"},{"issue":"8","key":"14_CR34","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/S1361-3723(13)70072-1","volume":"2013","author":"M Ahmadi","year":"2013","unstructured":"Ahmadi, M., Sami, A., Rahimi, H., Yadegari, B.: Malware detection by behavioural sequential patterns. Comput Fraud Secur 2013(8), 11\u201319 (2013)","journal-title":"Comput Fraud Secur"},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Naval S, Laxmi V, Gaur MS, Raja S, Rajarajan M, Conti M (2015) Environment\u2013reactive malware behavior: detection and categorization. In: Data privacy management, autonomous spontaneous security, and security assurance. Springer, Berlin, pp 167\u2013182","DOI":"10.1007\/978-3-319-17016-9_11"},{"key":"14_CR36","doi-asserted-by":"crossref","unstructured":"Gazet, A.: Comparative analysis of various ransomware virii. J Comput Virol 6(1), 77\u201390 (2010)","DOI":"10.1007\/s11416-008-0092-2"},{"key":"14_CR37","doi-asserted-by":"crossref","unstructured":"Scaife N, Carter H, Traynor P, Butler KR (2016) Cryptolock (and drop it): stopping ransomware attacks on user data. In: IEEE 36th international conference on distributed computing systems (ICDCS). IEEE, pp 303\u2013312","DOI":"10.1109\/ICDCS.2016.46"},{"issue":"4","key":"14_CR38","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/s11416-011-0153-9","volume":"7","author":"I Sorokin","year":"2011","unstructured":"Sorokin, I.: Comparing files using structural entropy. J Comput Virol 7(4), 259\u2013265 (2011)","journal-title":"J Comput Virol"}],"container-title":["Computer Communications and Networks","Guide to Vulnerability Analysis for Computer Networks and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-92624-7_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T11:38:02Z","timestamp":1571830682000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-92624-7_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319926230","9783319926247"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-92624-7_14","relation":{},"ISSN":["1617-7975","2197-8433"],"issn-type":[{"type":"print","value":"1617-7975"},{"type":"electronic","value":"2197-8433"}],"subject":[],"published":{"date-parts":[[2018]]}}}