Ranflood: A mitigation tool based on the principles of data flooding against ransomware
Berardi, Davide;
2024-01-01
Abstract
Crypto-ransomware aims at extorting money from users by encrypting their files and asking them to pay for the decryption key. We present Ranflood, a configurable drop-in solution that contrasts ransomware attacks with a deluge of decoy files at specific locations (e.g., sensitive folders of the user, the attack site), deceiving the attacker into encrypting sacrificial files. Ranflood further slows down the attack by contending with the malware access to IO and computation resources of the targeted machine. The aim is to buy time for the defence team to take action (e.g., manually shutting down an unresponsive machine). We show how the extensibility and modularity of Ranflood's software architecture (1) can accommodate a wide spectrum of flooding strategies, easing the process of improving its effectiveness also against future ransomware families and (2) strive to maximise the tool's efficiency by exploiting the highest level of parallelism afforded by the attacked machine.