Researchers develop a way to stop ransomware
Ransomware – what hackers use to encrypt your computer files and demand money in exchange for freeing those contents – is an exploding global problem with few solutions, but a team of University of Florida researchers says it has developed a way to stop it dead in its tracks.
The answer, they say, lies not in keeping it out of a computer but rather in confronting it once it’s there and, counterintuitively, actually letting it lock up a few files before clamping down on it.
“Our system is more of an early-warning system. It doesn’t prevent the ransomware from starting … it prevents the ransomware from completing its task … so you lose only a couple of pictures or a couple of documents rather than everything that’s on your hard drive, and it relieves you of the burden of having to pay the ransom,” said Nolen Scaife, a UF doctoral student and founding member of UF’s Florida Institute for Cybersecurity Research.
Scaife is part of the team that has come up with the ransomware solution, which it calls CryptoDrop.
Ransomware attacks have become one of the most urgent problems in the digital world. The FBI issued a warning in May saying the number of attacks has doubled in the past year and is expected to grow even more rapidly this year.
It said it received more than 2,400 complaints last year and estimated losses from such attacks for individuals and businesses at $24 million over the same period.
Attackers are typically shadowy figures from other countries lurking on the Dark Web and difficult, if not impossible, to find. Victims include not only individuals but also governments, industry, health care providers, educational institutions and financial entities.
Attacks most often show up in the form of an email that appears to be from someone familiar. The recipient clicks on a link in the email and unknowingly unleashes malware that encrypts his or her data. The next thing to appear is a message demanding the ransom, typically anywhere from a few hundred to a few thousand dollars.
“It’s an incredibly easy way to monetize a bad use of software,” said Patrick Traynor, an associate professor in UF’s department of computer and information science and engineering and also a member of the Florida Institute for Cybersecurity Research. He and Scaife worked together on developing CryptoDrop.
Some companies have simply resigned themselves to that inevitability and budgeted money to cover ransoms, which usually must be paid in Bitcoin, a digital currency that defies tracing.
Ransomware attacks are effective because, quite simply, they work.
Antivirus software is successful at stopping them when it recognizes ransomware malware, but therein lies the problem.
“These attacks are tailored and unique every time they get installed on someone’s system,” Scaife said. “Antivirus is really good at stopping things it’s seen before … That’s where our solution is better than traditional anti-viruses. If something that’s benign starts to behave maliciously, then what we can do is take action against that based on what we see is happening to your data. So we can stop, for example, all of your pictures from being encrypted.”
Scaife, Traynor and colleagues Kevin Butler at UF and Henry Carter at Villanova University lay out the solution in a paper accepted for publication at the IEEE International Conference on Distributed Computing Systems and scheduled to be presented June 29 in Nara, Japan.
The results, they said, were impressive.
“We ran our detector against several hundred ransomware samples that were live,” Scaife said, “and in those cases it detected 100 percent of those malware samples and it did so after only a median of 10 files were encrypted.”
And CryptoDrop works seamlessly with antivirus software.
“About one-tenth of 1 percent of the files were lost,” Traynor said, “but the advantage is that it’s flexible. We don’t have to wait for that anti-virus update. If you have a new version of your ransomware, our system can detect that.”
The team currently has a functioning prototype that works with Windows-based systems and is seeking a partner to commercialize it and make it available publicly.