Computer Systems Security

With the sensational increase in the real value of cryptocurrencies such as Bitcoin and Ethereum in recent years, attackers are even more motivated to carry out malicious attacks on users’ computer systems. Cryptocurrencies, as well as critical user information, are often stored on users’ personal computers, with different methods and techniques used to protect them against malicious entities. Indeed, although hardware wallets provide an increasing level of security, many users still prefer to use free software solutions, exposing their data to critical risks. End-user devices can be targeted using several tricks and techniques; among these, Ransomware attacks have become increasingly dangerous and very effective in recent years.

Ransomware is malicious software that aims to encrypt data on computers and servers so that users can no longer open it. People can regain access to their data only by paying the ransom that the hackers demand. Although this is a very well-known attack (the first one targeted the health-care industry as far back as 1989), it continues to be heavily used today. As disclosed by Microsoft, global Ransomware damage costs have been increasing from 325 million dollars in 2015 and exceeded 5 billion dollars in 2017.

Current solutions include proactive techniques, which act in advance, and reactive solutions, which detect the Ransomware injection and try to stop its encryption actions in real time. However, these solutions are usually able to defend against only a limited number of threats, and an effective countermeasure able to face different Ransomware implementations is still lacking.

The Cybersecurity lab works intensively and passionately on both proactive and reactive solutions able to fight a greater number of Ransomware families, while maintaining a relatively low system overhead and minimally affecting users’ normal operations.

Figure 1: Qualitative image for the Ransomware threat (