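Author (Chinese): 辜泓翔
Author (English): Ku, Hung-Hsiang
Thesis title (Chinese): 一個用於Linux平台之勒索軟體防護系統
Thesis title (English): A Ransomware Protector on Linux
Advisor (Chinese): 孫宏民
Advisor (English): Sun, Hung-Min
Oral defense committee (Chinese): 許富皓
黃世昆
Oral defense committee (English): Hsu, Fu-Hau
Huang, Shih-Kun
Degree: Master's
Institution: National Tsing Hua University
Department: Department of Computer Science
Student ID: 106062639
Year of publication (ROC calendar): 108
Academic year of graduation: 107
Language: English
Number of pages: 24
Keywords (Chinese): 勒索軟體
Keywords (English): Ransomware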
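In recent years, with the rapid development of networks and computers, computers have come to occupy an ever larger part of human life. For modern society, the computer has become an indispensable part of daily life. But this heavy dependence also means that computers hold large amounts of their users' important data, which makes personal computers increasingly likely to become targets for attackers who deploy malware and profit from it.

Ransomware is one of the most destructive kinds of malware of recent years. It encrypts the user's files and demands a ransom payment in exchange for the key that decrypts them; otherwise the encrypted files cannot be recovered. Although attackers give victims explicit payment instructions, they always hide their identity through cryptocurrency to evade pursuit, leaving victims unable to take any further steps to recover their losses. Ransomware originally attacked only Windows, but as the number of Linux users grew and ransomware variants multiplied, a ransomware named Linux.Encoder.1 appeared in 2015 whose main target is Linux. Over time, ransomware has gone on to evolve variants such as  . Today there is more and more ransomware aimed at Linux, which means that in the near future Linux may no longer be as safe as people used to believe.

To prevent this from happening, in this thesis we propose a method to protect Linux systems from ransomware. We built an automated system that monitors continuously: the user selects a folder, and our system monitors every change inside that folder and checks whether the files in the directory are healthy. Once the system judges a file to be healthy, it immediately uploads the file via FTP to a private cloud storage connected to the system, ensuring that healthy files are backed up at all times. If the current system is encrypted by ransomware, our system deletes the encrypted files and downloads the healthy files back from the private cloud, preventing the file losses that ransomware could cause the user.
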
In recent years, with the rapid development of the Internet, the personal computer has become an increasingly important part of human life. But this deep reliance on computers means that a large amount of sensitive data is stored on them. For this reason, computers have more and more easily become the target of attackers who profit by spreading malware.

Ransomware is one of the most devastating kinds of malware in recent years. This kind of malware encrypts the victim's files in order to demand a ransom payment. The victim's computer won't be unlocked until the victim pays the ransom. The payment can be completed by buying some specific products or using bitcoin, which makes the criminals untraceable.

To prevent such a situation, we propose a method to protect the Linux operating system from ransomware attacks. We construct an automatic system to monitor the user's computer. First, we let the user choose a directory. Our system then monitors all file changes in that directory in real time and checks whether the files are healthy. If the files are healthy, our system uploads them to the private cloud by FTP to ensure that healthy files are backed up in time. If the user's computer is encrypted by ransomware, our system deletes the encrypted files and downloads the healthy files from the private cloud. In this way our system protects the user from losses caused by ransomware.

1 Introduction
1.1 Motivation
1.2 Contribution
1.3 Organization
2 Background
2.1 Ransomware
2.1.1 Behavior
2.1.2 Erebus Ransomware
2.2 Load balancing
3 Related works
4 System Framework
4.1 Goal
4.2 System Framework
4.2.1 Client Authentication
4.2.2 Listen to the user defined directory
4.2.3 If a file is updated
4.2.4 Check whether the file is healthy
4.2.5 Request to store the file
5 System Requirement
5.1 System Requirement
5.2 Tools
5.2.1 IText
5.2.2 Apache POI
5.2.3 JNotify
5.2.4 Apache Commons-IO
5.2.5 JavaFX
5.3 System Architecture
5.3.1 Client Authentication
5.3.2 Main progress of our system
5.4 Experiment
5.4.1 Experiment environment and settings
5.4.2 Experiment process
6 Conclusion
Bibliography
(The full text of this thesis has not been authorized for open access)