Universal System for Early Detection and Neutralisation of Ransomware-Type Malware

Project title

Universal System for Early Detection and Neutralisation of Ransomware-Type Malware.

ACRONYM: USEDRans

Name of Beneficiary/Beneficiaries

TiMSI Sp. z o.o. – Consortium leader

Military University of Technology – Consortium member

Name of programme

National programmes

Competition

CyberSecIdent IV

Project value

PLN 4,505,360.00

Funding value

PLN 3,690,074.00

Project delivery period

from 1 July 2021 to 30 September 2023

Meet our team

mgr inż. Paweł Zielski

Polish-Japanese Academy of Information Technology

dr inż. Kamil Kaczyński

Faculty of Cybernetics, Military University of Technology

mgr inż. Michał Glet

Faculty of Cybernetics, Military University of Technology

See the results of our work

The project "Universal System for Early Detection and Neutralisation of Ransomware-Type Malware" aimed to create an advanced tool for identifying and neutralising ransomware threats. Conducted by a team of experts in cyber security, the project represents a breakthrough in combating one of the most significant threats to the digital world. During the research phase, extensive technical analyses were carried out, innovative detection concepts were designed, and mechanisms for monitoring and auditing the system were developed. The analysis of over 900 ransomware samples allowed the identification of characteristics enabling early detection of malicious software, which is crucial for effective attack prevention.

The project introduced new approaches to the scientific discussion, focusing on Windows API analysis, code injection methods, and cryptography. These contributions have advanced the understanding and development of defence strategies against ransomware. Over 60 documents and studies were produced as part of the research, gathering knowledge on innovative methods for detecting and neutralising ransomware, and contributing to the creation of proprietary concepts for monitoring and auditing mechanisms. The results confirm the project's innovation, which has been recognised with a silver medal at the Prix Eiffel 2022 and a gold medal at the Concours Lépine 2023 during international invention fairs.

The project also garnered acclaim in the scientific community, with results presented at prestigious conferences, such as the 20th and 21st International Conference on Applied Cryptography and Network Security, highlighting its contribution to the field of information security. The findings from the research phase provide a solid foundation for further development of early threat detection mechanisms and monitoring tools for suspicious processes in the Windows operating system. Implementing these solutions will significantly enhance user security, reducing the risk of ransomware attacks.

In summary, the "Universal System for Early Detection and Neutralisation of Ransomware-Type Malware" project significantly contributes to the advancement of cyber security technologies, offering innovative solutions in the field of information security. Its implementation opens new opportunities for the effective detection and neutralisation of malicious software, which is crucial for protecting data in the digital world.

What problem does our project solve?

Our project addresses a serious issue related to the threat posed by ransomware, which is becoming increasingly common and advanced. Ransomware is a type of malicious software that blocks access to a user’s data or entire system, then demands a ransom for restoring access.

Current defence methods against ransomware often rely on analysing signatures of known threats stored in databases. This approach has its limitations because new ransomware versions can be designed to evade detection by these traditional systems. This means that when a new, unknown version of ransomware emerges, systems relying on old signatures may be ineffective, leaving users unprotected.

Our project, named USEDRans, develops a tool capable of detecting and neutralising ransomware in a universal way, without relying on historical signatures. As a result, our solution will be effective not only against known threats, but also against new ones that may emerge in the future.

USEDRans employs innovative detection methods that identify unwanted software behaviours independently of their signature. This ensures a higher level of security for businesses and public institutions, protecting them from data loss and potential financial damage.

In short, our project tackles the challenge of the dynamically changing ransomware threat landscape by offering a universal and innovative solution that effectively protects users against both current and future threats.

Who will benefit from the project's results?

The results of our USEDRans project will benefit a wide range of users. Primarily, businesses will benefit, as they often fall victim to ransomware attacks, leading to significant financial losses and loss of customer trust. With our tool, companies will be able to effectively secure their IT infrastructure against threats.

Another group that will benefit consists of public institutions. Protecting data in the public sector is critical, as attacks on such entities can disrupt essential public services and put citizens' data at risk.

Additionally, IT service providers and cybersecurity companies can integrate our tool into their offerings, enhancing the value and effectiveness of their services.

In summary, the USEDRans project will benefit private companies, public institutions, and the IT sector, improving overall digital security.

What was the biggest challenge for us in implementing the project?

The biggest challenge in implementing the USEDRans project was identifying the right detection indicators to enable effective and reliable ransomware detection in a universal way.

Traditional detection methods rely on signatures of known threats, which makes them ineffective against new, unknown ransomware variants. Therefore, we had to develop a novel approach that does not rely on prior data, but instead focuses on identifying unwanted system behaviours.

The challenge was to find indicators precise enough to minimise false positives while being universal enough to detect various types of ransomware. This required intensive research, testing and an iterative approach to optimising detection algorithms. We also had to ensure that our solution is resource-efficient so it could be deployed in various IT environments without impacting system performance.

In summary, the greatest challenge was developing detection indicators that provide effective and universal protection against ransomware while ensuring high precision and a low false-positive rate.

Our advice to other Applicants

Our advice to other applicants undertaking similar projects is to focus on innovation and adaptability of solutions. In the rapidly evolving landscape of cyber threats, it is crucial not to rely solely on traditional methods and historical data, but to explore novel approaches that can effectively address future challenges.

It is also essential to clearly define goals and success criteria from the outset of the project. Setting appropriate performance indicators and regularly monitoring progress allows for quick identification and correction of potential issues.

Another key aspect is building an interdisciplinary team. Combining the expertise of specialists in fields such as cyber security, data analysis, programming, and project management increases the chances of success. Engaging stakeholders at various stages of the project can provide valuable feedback and help tailor solutions to users' real needs.

Furthermore, do not be afraid to test and iterate on your solutions. Continuous improvement based on results and feedback is critical to achieving ultimate success.

Finally, remember the importance of flexibility and readiness to adapt when faced with unforeseen challenges. Projects of this type often encounter unexpected obstacles, so it is crucial to be prepared to respond quickly and adjust to changing conditions.

In summary, innovation, clear objectives, an interdisciplinary approach, continuous testing, and flexibility are key elements that can contribute to the successful implementation of cyber security projects.