GUARDIAN

 

Ransomware, categorized as a post-exploit attack, is triggered after a malicious action performed with the permissions of stolen user credentials on the compromised machine. It can quietly infiltrate a system and operate stealthily, avoiding immediate detection (the silent phase). Characterized by file encryption and economic extortion in exchange for the decryption key, it poses a significant risk because it affects the confidentiality and availability of the files in the file system. It is crucial to recognize signs of vulnerability in machine access and to monitor effectively in order to detect and report anomalous behaviour associated with the preparation of ransomware attacks.

The urgency lies in pre-execution detection: newly reported techniques, known as File System Attack (FSA)-based ransomware attacks against data in motion, can act silently by encrypting files over time and can also affect derived backups, which would pose a double threat.

The project aims to guarantee continuity of operations by providing users with tools for early detection of, and recovery from, ransomware attacks, aligning with NGI Sargasso’s vision of improving online privacy and security and fostering a safer and more sustainable Internet.

In the face of evolving cyber threats, data protection is crucial. GUARDIAN focuses on two key objectives: developing a prototype of a software tool capable of detecting and mitigating ransomware attacks, and providing a user-centric guide with clear and concise instructions on using the tool, so that users can navigate its features seamlessly and enhance their overall cybersecurity resilience. The GUARDIAN approach emphasizes end-user use and installation, which involves creating a proof-of-concept on a vulnerable system that simulates an FSA against data in motion. The project will deliver the GUARDIAN toolkit to detect and mitigate these attacks, ensuring simplicity in both installation and user understanding.

SATRD's role in the GUARDIAN project

SATRD aims to make a significant contribution to the literature and the state of the art by delivering strategies and tools for the detection and mitigation of an unexplored ransomware attack scenario. To achieve this, SATRD will implement an innovative toolkit that will not only improve the ability to detect and mitigate related threats but will also ensure a higher level of privacy and security for the processed data.