Inhibiting crypto‐ransomware on windows platforms through a honeyfile‐based approach with R‐Locker Gómez Hernández, José Antonio Sánchez Fernández, Raúl García Teodoro, Pedro Ministerio de Economia y Competitividad, Grant/Award Number: TIN2017-83494-R After several years, crypto‐ransomware attacks still constitute a principal threat for individuals and organisations worldwide. Despite the fact that a number of solutions are deployed to fight against this plague, one main challenge is that of early reaction, as merely detecting its occurrence can be useless to avoid the pernicious effects of the malware. With this aim, the authors introduced in a previous work a novel antiransomware tool for Unix platforms named R‐Locker. The proposal is supported on a honeyfile‐based approach, where ‘infinite’ trap files are disseminated around the target filesystem for early detection and to effectively block the ransomware action. The authors extend here the tool with three main new contributions. First, R‐Locker is migrated to Windows platforms, where specific differences exist regarding FIFO handling. Second, the global management of the honeyfiles around the target filesystem is now improved to maximise protection. Finally, blocking suspicious ransomware is (semi)automated through the dynamic use of white‐/black‐lists. As in the original work for Unix systems, the new Windows version of R‐Locker shows high effectivity and efficiency in thwarting ransomware action. 2021-10-14T12:01:12Z 2021-10-14T12:01:12Z 2021-09-18 info:eu-repo/semantics/article Gómez-Hernández, J.A., Sánchez-Fernández, R., García-Teodoro, P.: Inhibiting crypto-ransomware on windows platforms through a honeyfile-based approach with R-Locker. IET Inf. Secur. 1– 11 (2021). [https://doi.org/10.1049/ise2.12042] http://hdl.handle.net/10481/70850 10.1049/ise2.12042 eng http://creativecommons.org/licenses/by-nc-nd/3.0/es/ info:eu-repo/semantics/openAccess Atribución-NoComercial-SinDerivadas 3.0 España John Wiley & Sons