Scientists at the University of Florida (UF) say they have developed software that can stop ransomware in its tracks. The solution – dubbed CryptoDrop – detected the malware and stopped it after it had encrypted just a handful of files, said its developers. IT security experts from Tripwire, ESET and AlienVault discuss what this new software means.
Tim Erlin, Director, Security and IT Risk Strategist at Tripwire:
“While the malware itself is a serious problem, we seem to have given up on solving the problem of how it gets onto devices. Users have been clicking on malicious emails for a lot longer than this new breed of ransomware has been around.
Limiting the damage an attack can do isn’t a new security tactic. Response, as described in this paper, is a valid part of a comprehensive approach to managing security.
The research is promising, and it will be exciting to see how it works in the real world.”
Mark James, Security Specialist at ESET:
“Any deterrent or recovery from ransomware is a fantastic idea. It’s one of those prolific threats that can quite literally affect anyone and everyone, and anything we can do to help or even stop it gets all the support from me. But as with anything like this, it relies on uptake and of course cost. This particular method will stop ransomware after it has encrypted a few files; what happens if those “few” files are your most important?
Don’t get me wrong, I wholeheartedly welcome anything that will help the victim, but there are lots of things we can already do to protect against ransomware. It’s always mentioned time and again, but backup and disaster recovery will protect you against ransomware every time. It can be low cost, it can be easy, it’s available now and anyone can get it and use it. Multi-layered protection is the best way to combat modern-day threats; those layers will include internet security software, firewalls, backup software, updated hardware and operating systems, knowledge and of course common sense. All these things are available to everyone reading this right now to protect your very valuable, often priceless memories or data.”
Javvad Malik, Security Advocate at AlienVault:
“Ransomware is a major issue that affects consumers and companies across all verticals and sizes. It’s a problem that many researchers across the globe are actively working to address.
“One of the biggest challenges is the variety of different ways ransomware operates, written and executed in different ways. Currently, the best way to detect ransomware is by implementing a unified approach that looks for different behaviors across the network and host machine. This includes communication established with command and control centers or files being changed locally. In order to stay up to date with the methods and infrastructure that attackers are using, timely and reliable threat intelligence plays a crucial role.
“This is particularly important as attackers will often change their tactics in response to evolving defenses, in the classic cat-and-mouse game we have witnessed in cyber security over the years.”