CryptoDrop can stop ransomware early on in the encryption phase


New software, designed by scientists at the University of Florida (UF), just might be the answer to thwarting the ever-growing problem of ransomware.

Ransomware is a form of malware that cybercriminals use to extort significant sums of money from users who want their own files back. When an infection happens, the malware encrypts the files on a user’s system, and the only way to regain access to those files is by paying a ransom to the hackers behind the attack.

However, there could be a solution to this global nuisance in the form of new software called CryptoDrop, which can detect malware and stop it after it has begun to encrypt a few of the files on a user’s system. It is not a perfect solution, but losing a few files is better than the alternatives of losing them all or paying a ransom to have them back.

CryptoDrop was developed by Patrick Traynor, an associate professor in UF’s department of computer and information science, who worked alongside Nolen Scaife and Henry Carter, two PhD students from Villanova University.

Scaife explained how the ransomware-detecting software works, saying: “It doesn’t prevent the ransomware from starting… it prevents the ransomware from completing its task… so you lose only a couple of pictures or a couple of documents rather than everything that’s on your hard drive, and it relieves you of the burden of having to pay the ransom.”

During tests, CryptoDrop was able to detect 100 per cent of the malware samples it was supplied with and it was able to stop them after an average of 10 files were encrypted.

While this new software is certainly impressive, Richard Cassidy, an expert at the security firm Alert Logic, pointed out that it cannot completely stop ransomware, saying: “Whilst the steps taken by researchers at the University of Florida are indeed a novel way in which to detect and contain ransomware, it doesn’t serve as the ‘silver bullet’ for ransomware as a whole.”

“There are new variants being written all the time and ransomware writers will indeed take the time to dissect and understand how this new technology operates, creating versions that will attempt to either bypass detection, or at the very least search more effectively for likely sensitive files, before encrypting them, with the hope of having the biggest impact of securing a ransom payment.”

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

