We have been witnessing some important breakthroughs in the fight against cybercrime. Ransomware attacks have been one of the biggest threats of the past few years, even though some reports might claim otherwise. A new Windows tool has been developed to stop ransomware infection and even revert the damage it has caused up to that moment. This constitutes a major breakthrough, courtesy of Italian researchers.
ShieldFS Is a Major Anti-Ransomware Tool
Most malicious software attacks are executed on the Windows operating system. That should not come as a surprise, since Windows is the most commonly used computer operating system in the world. While Linux and macOS have their own communities, their respective market shares are a lot smaller. This also makes those operating systems less attractive to cybercriminals.
Unfortunately, this trend has also allowed the Windows ransomware ecosystem to flourish. New variants are discovered on a regular basis, although not all of these attacks will cause massive damage. We do know ransomware developers prefer to get paid in Bitcoin over other forms of payment, despite the cryptocurrency lacking privacy and anonymity traits. It also appears criminals will no longer be able to launder their proceeds through the BTC-E exchange.
Now that Italian researchers have come up with a tool to stop and revert ransomware infections, things will be getting even more interesting. Their new tool is known as ShieldFS and serves as a Windows drop-in driver and custom filesystem. Its main selling points are the abilities to detect telltale signs of a ransomware infection, prevent malicious actions, and revert encrypted files back to their original states. This latter aspect is especially important, as most people pay ransomware developers to have their files decrypted. That will no longer be required, by the looks of things.
As soon as ShieldFS detects a potential threat, it will sort through its internal behavioral models to determine whether or not the user is dealing with ransomware. Assuming that is the case, it will then take the necessary action to prevent further damage from being done. The number of false positives should be relatively small, as the program has a database of 2,245 legitimate processes and applications to compare against. This database will receive regular updates as time progresses.
The way ShieldFS can restore files is through its self-healing filesystem. This custom virtual filesystem keeps copies of original files for a short time, allowing it to restore some data. It is possible users will not be able to have all of their information decrypted with this tool, and only time will tell how successful this measure can be. Experts acknowledge this method is a worthy alternative to shadow volume copies, which are often deleted by malware to prevent users from recovering their files by restoring a data backup.
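To make the recovery idea above concrete, here is an added toy model in Python; it is not ShieldFS code (ShieldFS is a Windows driver) and is not taken from the researchers. The class ShadowStore, its methods, the pid 4242 and the file contents are all hypothetical and constructed for illustration. It saves the original the first time a process modifies a file, rolls back the writes of a flagged process, and shows why a copy that has already aged out cannot be restored.

```python
import os
import shutil
import tempfile
class ShadowStore:
    def __init__(self, retention=60.0):
        self.shadow_dir = tempfile.mkdtemp(prefix="shadow-")
        self.retention = retention  # seconds a saved original is kept
        self.entries = {}           # (pid, path) -> (shadow copy, time saved)
        self.seq = 0

    def write(self, pid, path, data, now):
        # Save the original the first time this pid modifies an existing file.
        if (pid, path) not in self.entries and os.path.exists(path):
            self.seq += 1
            shadow = os.path.join(self.shadow_dir, f"{self.seq}.orig")
            shutil.copy2(path, shadow)
            self.entries[(pid, path)] = (shadow, now)
        with open(path, "wb") as f:
            f.write(data)

    def expire(self, now):
        # Originals are kept only for a short time; older copies are dropped.
        for key, (shadow, saved) in list(self.entries.items()):
            if now - saved > self.retention:
                os.remove(shadow)
                del self.entries[key]

    def rollback(self, pid):
        # Restore every file the flagged process modified that is still shadowed.
        restored = []
        for (p, path), (shadow, _) in list(self.entries.items()):
            if p == pid:
                shutil.copy2(shadow, path)
                os.remove(shadow)
                del self.entries[(p, path)]
                restored.append(path)
        return restored

def demo(expire_first=False):
    doc = os.path.join(tempfile.mkdtemp(), "report.txt")
    with open(doc, "wb") as f:
        f.write(b"quarterly figures")  # constructed sample content
    store = ShadowStore(retention=60.0)
    store.write(4242, doc, b"\x9c\x11\xf0 stand-in ciphertext", now=0.0)
    if expire_first:
        store.expire(now=120.0)  # the copy aged out before detection
    store.rollback(4242)
    with open(doc, "rb") as f:
        return f.read()
```

Calling demo() returns the original content, while demo(expire_first=True) returns the overwritten bytes, which mirrors the article's caveat that not every file may be recoverable.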
An official release of ShieldFS has not been announced yet, but it should be available soon. Once this tool is actively distributed on a global scale, the real war on ransomware can start. We have included a demo video of what this tool can do below. ShieldFS will change the way we protect ourselves against malicious software, assuming this project can deliver on its initial promises.