WithSecure creates an 'undo button' for ransomware

Ransomware attacks continue to plague organizations and can have an effect beyond the financial, damaging reputations and customer trust.

Now, though, WithSecure has developed a new technology called Activity Monitor that can essentially undo the damage malware can cause.

It works a bit like a sandbox, but instead of running code in an isolated environment, Activity Monitor creates selective backups of the system and data, and then allows the code to run on a system while monitoring the session. If it detects changes that could be harmful, it blocks the processes and uses the backups to restore the session to the state it was in before the malicious code ran.

"The analysis provided by a sandbox shows a very comprehensive picture of malware’s behavior but consumes a lot of resources, which limits their use," says WithSecure lead researcher Broderick Aquilino. "With Activity Monitor, we overcame these limitations by recreating the capabilities that sandboxes provide rather than how they work. Now we can create protection mechanisms that can bring these capabilities to more organizations."

Most ransomware encrypts the victim's data, and then provides decryption keys in exchange for a ransom. Activity Monitor is built to detect these types of changes and, on detecting an encryption process, halts it and restores the data to its unencrypted state.
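The backup, monitor and restore cycle described above can be sketched as follows. This is an added illustration, not WithSecure's code: the `MonitoredSession` class, the entropy threshold and the three-write limit are assumptions chosen for the example, and the sample files are constructed.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0); empty input gives 0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class MonitoredSession:
    """Hypothetical monitor: copy-on-first-write backups plus rollback."""
    def __init__(self, high=7.0, limit=3):
        self.high, self.limit = high, limit
        self.backups = {}    # path -> original bytes, or None if the file was new
        self.suspicious, self.blocked = 0, False

    def write(self, path: Path, data: bytes) -> bool:
        if self.blocked:
            return False                      # process already halted
        old = path.read_bytes() if path.exists() else None
        self.backups.setdefault(path, old)    # selective backup: only touched files
        # Assumed signal: readable content overwritten with near-random bytes.
        if old is not None and entropy(old) < self.high <= entropy(data):
            self.suspicious += 1
        path.write_bytes(data)                # the code is allowed to run
        if self.suspicious >= self.limit:
            self.blocked = True
            self.rollback()
            return False
        return True

    def rollback(self):
        for path, old in self.backups.items():
            if old is None:
                path.unlink(missing_ok=True)  # created during the session
            else:
                path.write_bytes(old)         # restore pre-session content
        self.backups.clear()

def demo():
    """Constructed scenario: a process overwrites five text files with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        files = [Path(d) / f"doc{i}.txt" for i in range(5)]
        for f in files:
            f.write_bytes(b"quarterly report, plain text\n" * 200)
        s = MonitoredSession()
        results = [s.write(f, os.urandom(4096)) for f in files]
        restored = all(f.read_bytes().startswith(b"quarterly") for f in files)
        return results, s.blocked, restored
```

Calling `demo()` shows the first two overwrites going through, the third tripping the limit and triggering the rollback, and every file ending up with its original content.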

WithSecure Intelligence vice president Paolo Palumbo expects the technology to provide many additional benefits to organizations. "This approach makes very powerful detection capabilities more efficient so it can be used in new ways. Efficiency is very important for security to ensure our solutions give organizations practical, effective protection without preventing them from doing their jobs or accomplishing their business goals. And as we develop new applications and features using this technology, we expect it to enable better, more efficient defense mechanisms for our clients."

You can find out more on the WithSecure site.


© 1998-2024 BetaNews, Inc. All Rights Reserved.