Researchers developing ways to end ‘ransomware’ with new program that pounces once an attack begins

(Cyberwar.news) Ransomware – encrypted malware code that hackers use to take control over your computer files then demand money to free up the contents – is a major problem that is expanding throughout the world with few solutions. That may be about to change.

A team of researchers at the University of Florida says that it has devised a way to stop ransomware. The solution, the team has said, is not in keeping the malware out of a computer but rather confronting it once it is there and, counterintuitively, allowing it to lock up a few files before pouncing on it.

“Our system is more of an early-warning system. It doesn’t prevent the ransomware from starting … it prevents the ransomware from completing its task … so you lose only a couple of pictures or a couple of documents rather than everything that’s on your hard drive, and it relieves you of the burden of having to pay the ransom,” said Nolen Scaife, a UF doctoral student and founding member of UF’s Florida Institute for Cybersecurity Research.

In a press release, the university said that Scaife is part of a team that has devised a ransomware solution, called CryptoDrop.

Ransomware assaults have become a top priority in the digital world. The FBI even issued a warning in May stating that the number of attacks has doubled in the past year and will likely grow even faster this year. The bureau also said it had received in excess of 2,400 complaints last year and estimated loses from such attacks at around $24 million for individuals and businesses.

Cyber ransomware attacks usually come from shadowy figures from other countries who lurk on the Dark Web and are nearly impossible to find. Victims have included individuals, governments, health care providers, industry, financial institutions and educational facilities.

Attacks most often show up in the form of an email that appears to be from someone familiar. The recipient clicks on a link in the email and unknowingly unleashes malware that encrypts his or her data. The next thing to appear is a message demanding the ransom, typically anywhere from a few hundred to a few thousand dollars, the university said.

“It’s an incredibly easy way to monetize a bad use of software,” said Patrick Traynor, an associate professor in UF’s department of  computer and information science and engineering at UF and also a member of the Florida Institute for Cybersecurity Research. He and Scaife worked together on developing CryptoDrop.

Antivirus software is effective at stopping ransomware when it recognizes it, but therein lies the problem, say researchers.

“These attacks are tailored and unique every time they get installed on someone’s system,” Scaife said. “Antivirus is really good at stopping things it’s seen before … That’s where our solution is better than traditional anti-viruses. If something that’s benign starts to behave maliciously, then what we can do is take action against that based on what we see is happening to your data. So we can stop, for example, all of your pictures form being encrypted.”

He said he and his team “ran our detector against several hundred ransomware samples that were live, and in those case it detected 100 percent of those malware samples and it did so after only a median of 10 files were encrypted.”

The team is set to publish its findings, here.

 

More:

Cyberwar.news is part of the USA Features Media network. Sign up to have our daily headlines emailed directly to you here.