Lockout-Tagout Ransomware: A Detection Method for Ransomware using Fuzzy Hashing and Clustering

Nitin Naik, Paul Jenkins, Jonathan Gillett, Haralambos Mouratidis, Kshirasagar Naik, Jingping Song

    Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBNpeer-review


    Ransomware attacks are a prevalent cybersecurity threat to every user and enterprise today. This is attributed to their polymorphic behaviour and dispersion of inexhaustible versions due to the same ransomware family or threat actor. A certain ransomware family or threat actor repeatedly utilises nearly the same style or codebase to create a vast number of ransomware versions. Therefore, it is essential for users and enterprises to keep well-informed about this threat landscape and adopt proactive prevention strategies to minimise its spread and affects. This requires a technique to detect ransomware samples to determine the similarity and link with the known ransomware family or threat actor. Therefore, this paper presents a detection method for ransomware by employing a combination of a similarity preserving hashing method called fuzzy hashing and a clustering method. This detection method is applied on the collected WannaCry/WannaCryptor ransomware samples utilising a range of fuzzy hashing and clustering methods. The clustering results of various clustering methods are evaluated through the use of the internal evaluation indexes to determine the accuracy and consistency of their clustering results, thus the effective combination of fuzzy hashing and clustering method as applied to the particular ransomware corpus. The proposed detection method is a static analysis method, which requires fewer computational overheads and performs rapid comparative analysis with respect to other static analysis methods.

    Original languageEnglish
    Title of host publication2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Number of pages8
    ISBN (Electronic)9781728124858
    ISBN (Print)9781728124865
    Publication statusPublished - 20 Feb 2020
    Event2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019 - Xiamen, China
    Duration: 6 Dec 20199 Dec 2019


    Conference2019 IEEE Symposium Series on Computational Intelligence, SSCI 2019

    Bibliographical note

    © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be
    obtained for all other uses, in any current or future media, including
    reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.


    • agnes
    • clara
    • clustering
    • diana
    • fuzzy hashing
    • k-means
    • pam
    • ransomware
    • sdhash
    • similarity preserving hashing
    • ssdeep
    • wannacry
    • wannacryptor


    Dive into the research topics of 'Lockout-Tagout Ransomware: A Detection Method for Ransomware using Fuzzy Hashing and Clustering'. Together they form a unique fingerprint.

    Cite this