Improving Antivirus Signature For Detection Ransomware Attacks With Machine Learning
Abstract
Cybercrime is difficult to separate from the development of malware. According to the Internet Security Threat Report, crime that exploits malware has become the ultimate crime. One of the most widely spread kinds of malware is ransomware. Ransomware infections have increased year by year since 2013, and there were 1,271 detections per day in 2017. Meanwhile, in 2018 there was a shift in attacks, with 81 percent of attacks targeting enterprises, so that ransomware infections increased by 12 percent. To solve this problem, this research proposes an antivirus signature based on the DLL files and API calls of ransomware files. File detection based on antivirus signatures has high theoretical value and practical significance. The experiment showed that detecting ransomware files based on DLL files and functional API calls with machine learning gives better results than detecting files based on MD5 and hexdump. For testing and detecting ransomware files, this research uses machine learning algorithms such as KNN, SVM, Decision Trees, and Random Forest. The experimental results showed successful detection of ransomware files and improved the detection object and research method for antivirus signatures.
Keywords: Ransomware, Antivirus, Machine Learning, Malware.
References
Al Amro, S. and Alkhalifah, A. (2015) ‘A Comparative Study of Virus Detection Techniques’, International Journal of Computer, Electrical, Automation, Control and Information Engineering.
Cabaj, K. and Mazurczyk, W. (2016) ‘Using software-defined networking for ransomware mitigation: The case of cryptowall’, IEEE Network. doi: 10.1109/MNET.2016.1600110NM.
Gardiner, J. and Nagaraja, S. (2016) ‘On the security of machine learning in malware C&C detection: A survey’, ACM Computing Surveys. doi: 10.1145/3003816.
International Telecommunication Union (2019) ‘Measuring digital development Facts and figures 2019’, ITUPublications, pp. 1–15. Available at: https://www.itu.int/en/mediacentre/Documents/MediaRelations/ITU Facts and Figures 2019 - Embargoed 5 November 1200 CET.pdf.
Kawaguchi, N. and Omote, K. (2015) ‘Malware function classification using apis in initial behavior’, in Proceedings - 2015 10th Asia Joint Conference on Information Security, AsiaJCIS 2015. doi: 10.1109/AsiaJCIS.2015.15.
Koret, J. and Bachaalany, E. (2015) The Antivirus Hacker’s Handbook. doi: 10.1002/9781119183525.
Sebastián, M. et al. (2016) ‘Avclass: A tool for massive malware labeling’, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). doi: 10.1007/978-3-319-45719-2_11.
Symantec (2018) Internet security threat report, Network Security. Available at: http://linkinghub.elsevier.com/retrieve/pii/S1353485805001947.
Symantec (2019) ‘Internet Security Threat Report VOLUME 21, February 2019’, Network Security, 21(February), p. 61. Available at: http://linkinghub.elsevier.com/retrieve/pii/S1353485805001947.
Wressnegger, C. et al. (2017) ‘Automatically inferring malware signatures for anti-virus assisted attacks’, in ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. doi: 10.1145/3052973.3053002.
DOI: https://doi.org/10.30591/smartcomp.v10i1.2190

This work is licensed under a Creative Commons Attribution 4.0 International License.