Detecting cyber threats at an early stage can prevent the majority of damage from being done. A group of academics cobbled together an early-warning system for ransomware attacks. Generic systems were already available to major operating systems, but they are all rather easy to bypass. CryptoDrop, as this new utility is called, may hold the key to thwarting these malware attacks.
CryptoDrop May Beat Ransomware At An Early Stage
Researchers from Villanova University and the University of Florida have collaborated on a new initiative to bring ransomware attacks to a halt. Rather than looking at things after the malicious data is being executed, CryptoDrop focuses on how data is transformed. Early tests indicate a 100% success rate against almost 500 different ransomware versions from 14 “top” families.
The accompanying research paper states:
“Our system (built only for Windows) is the first ransomware detection system that monitors user data for changes that may indicate transformation rather than attempting to identify ransomware by inspecting its execution (e.g., API call monitoring) or contents,” the researchers wrote. “This allows CryptoDrop to detect suspicious activity regardless of the delivery mechanism or previous benign activity.”
Do not be mistaken in thinking CryptoDrop is a one-in-all solution, though. It remains important to run separate antivirus and antimalware software on computers. CryptoDrop can run alongside existing security programs, but is only designed to detect ransomware. In these cases, it is better to have different types of software focus on doing one thing right, rather than having one tool that does a less than adequate job for overall security.
A total of five – three primary and two two secondary – indicators are used by CryptoDrop to identify malicious file changes. This goes much further than looking if a file extension has been changed, though. CryptoDrop can look at things on the byte level, as any modification made there is always suspicious. Moreover, there is also a tool that measures encrypted file’s entropy as an indicator to detect modification.
So far, most of the ransomware samples triggered the three most important indicators. CryptoDrop will issue a “ranking” based on how dangerous ransomware can be. It will also warn users when suspicious activity is detected, and automatically kill the computer process once it reaches a certain threshold. In some cases, there will be minimal file loss, but the overall damage should be far less severe.
Image credit 1
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.