Ransomware has remained one of the most notorious threats in the cybersecurity field. Moving Target Defense (MTD) has been proposed as a novel paradigm for proactive defense. Although various approaches leverage MTD, few of them rely on the operating system and, specifically, the file system, thereby making them dependent on other computing devices. Furthermore, existing ransomware defense techniques merely replicate or detect attacks, without preventing them. Thus, this paper introduces the MTFS overlay file system and the design and implementation of three novel MTD techniques built on top of it: one delaying attackers, one trapping recursive directory traversal, and one hiding file types. The effectiveness of the techniques is shown in two experiments. First, it is shown that the techniques can delay and mitigate ransomware on real IoT devices. Second, in a broader scope, the solution was confronted with 14 ransomware samples, highlighting that it can save 97% of the files.