Ransomware is a tool used by hackers to encrypt files on your computer, preventing access until payment can be extorted. In past year, the number of attacks has doubled, with the FBI predicting a further increase over the remainder of the year. Other than careful web browsing, ransomware has few preventative measures; once it has infected a computer, users will have to pay up or risk permanently losing their content. Now, scientists from the University of Florida have developed software that stops the attack head-on. Dubbed CryptoDrop, the solution deflects the attack by allowing the virus to take root before inoculating the computer against it.
“Our system is more of an early-warning system. It doesn't prevent the ransomware from starting … it prevents the ransomware from completing its task … so you lose only a couple of pictures or a couple of documents rather than everything that's on your hard drive, and it relieves you of the burden of having to pay the ransom,” said Nolen Scaife, a UF doctoral student and member of the team that created CryptoDrop.
Originating in the dark web, ransomware attacks are difficult, if not impossible to trace, and have caused a net loss of $24 million for individuals and businesses in 2015. Victims range from governments, healthcare providers, and educational institutions, to pedestrian computer users.
Attacks are commenced from compromised email accounts that send faulty hyperlinks to everyone in the address book. Then, when an unsuspecting user clicks the link thinking it originated from a trusted correspondent, the ransomware begins to encrypt portions of the hardware and the user finds him or herself with a pop-up requesting anywhere from a few hundred to a few thousand dollars in bitcoins.
“It's an incredibly easy way to monetize a bad use of software,” said Patrick Traynor, an associate professor in UF's department of computer and information science who worked alongside Scaife in developing CryptoDrop.
Updated antivirus software may intercept the attack and prevent it from infecting the computer, but it's not a full-proof measure as ransomware is ever changing.
“These attacks are tailored and unique every time they get installed on someone's system,” Scaife said. “Antivirus is really good at stopping things it's seen before … That's where our solution is better than traditional anti-viruses. If something that's benign starts to behave maliciously, then what we can do is take action against that based on what we see is happening to your data. So we can stop, for example, all of your pictures from being encrypted.”
CryptoDrop works seamlessly with existing antiviruses. In tests performed against several hundred samples, the software was able to successfully thwart 100 percent of all ransomware attempts after only about ten files were encrypted. It functions as a countermeasure that sacrifices a few files in order to save the majority.
“About one-tenth of 1 percent of the files were lost,” Traynor said, “but the advantage is that it's flexible. We don't have to wait for that anti-virus update. If you have a new version of your ransomware, our system can detect that.”
Source: Phys.org
Advertisement
Learn more about Electronic Products Magazine
