Are you willing to sacrifice a dozen or so of your files in order to save the rest from the grasping hands of modern crypto-ransomware?
I believe that the answer from most victims would be a resounding “Yes!”, and this is just what CryptoDrop does.
The anti-ransomware solution, which apparently works seamlessly with anti-virus software, was created by a group of researchers from the University of Florida and Villanova University.
It works as an early-warning system, and “sacrifices” a few files so that ransomware action can be detected and stopped.
It detects ransomware action by spotting bulk modification of file types and deletion of files, detecting considerable differences between files, spotting the sudden appearance of a great number of files of the same type, etc.
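The indicators listed above can be sketched as a per-process score over file events. This is an added example, not CryptoDrop's code or algorithm: the event format, signature table, thresholds, the use of difflib as the similarity measure and the sample data are all assumptions constructed for illustration.

```python
import difflib
from collections import Counter

# Hypothetical signature table and thresholds, chosen for this example only.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\xff\xd8\xff": "jpeg"}
DISSIMILAR_BELOW = 0.3  # similarity under which a rewrite is "considerably different"
BURST_SAME_TYPE = 3     # new files of one extension that count as a sudden burst
ALERT_SCORE = 5         # score at which the process would be stopped

def sniff(data):
    """Coarse file type from leading magic bytes, else text/unknown."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    printable = data and all(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return "text" if printable else "unknown"

def score_events(events):
    """Return (total score, index of the event that reached ALERT_SCORE or None)."""
    score, created, tripped = 0, Counter(), None
    for i, ev in enumerate(events):
        if ev["op"] == "write":
            if sniff(ev["before"]) != sniff(ev["after"]):
                score += 1  # file type changed by the rewrite
            sim = difflib.SequenceMatcher(None, ev["before"], ev["after"],
                                          autojunk=False).ratio()
            if sim < DISSIMILAR_BELOW:
                score += 1  # new content barely resembles the old
        elif ev["op"] == "delete":
            score += 1
        elif ev["op"] == "create":
            ext = ev["path"].rsplit(".", 1)[-1]
            created[ext] += 1
            if created[ext] == BURST_SAME_TYPE:
                score += 2  # many new files of the same type
        if tripped is None and score >= ALERT_SCORE:
            tripped = i
    return score, tripped

def scrambled(data):
    # Constructed stand-in for an encrypted rewrite: shares no bytes with ASCII input.
    return bytes(b ^ 0xA5 for b in data)

# Constructed sample traces: an ordinary edit, and a bulk rewrite of four documents.
PDF = b"%PDF-1.4 quarterly report\n" * 4
NOTES = b"meeting notes, draft one\n" * 4
BENIGN = [{"op": "write", "path": "notes.txt", "before": NOTES,
           "after": NOTES + b"action items\n"}]
BULK = [ev for n in range(4) for ev in (
    {"op": "write", "path": f"doc{n}.pdf", "before": PDF, "after": scrambled(PDF)},
    {"op": "create", "path": f"doc{n}.pdf.locked"},
    {"op": "delete", "path": f"doc{n}.pdf"})]
```

On the constructed bulk trace the score reaches the threshold at the fourth event, while the second document is being rewritten, which mirrors the trade-off the researchers describe: a few files are lost before the process is flagged.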
Unfortunately for current victims, the solution is still just a prototype. The researchers are looking for a partner that will help them turn it into a commercial product.
But there is no doubt that it’s pretty effective.
“We ran our detector against several hundred ransomware samples that were live and in those cases it detected 100 percent of those malware samples and it did so after only a median of 10 files were encrypted,” shared Nolen Scaife, a UF doctoral student and one of the researchers behind CryptoDrop.
His colleague Patrick Traynor, an associate professor in the department of computer and information science and engineering at UF, says that about one-tenth of 1 percent of the files were lost, but the advantage [of the tool] is that it’s flexible.
“We don’t have to wait for that anti-virus update. If you have a new version of your ransomware, our system can detect that,” he noted.
More details about the solution can be found in this paper.