
How to defeat every ransomware with Crypto Drop

A group of American researchers has devised a system, dubbed Crypto Drop, that follows a "save what you can" approach: rather than trying to recognise the malware itself, it watches how user files change and stops ransomware before it can encrypt more than a small fraction of them.

Researchers from the University of Florida and Villanova University have devised the technique, dubbed Crypto Drop (written CryptoDrop in the paper), to defeat ransomware. The team published their study as "CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data" (Scaife, Carter, Traynor and Butler, IEEE ICDCS 2016); it demonstrates that the threat can be stopped by monitoring the activity on the targeted files instead of relying on signatures of the malware.

It is, of course, a best-effort approach: the countermeasures are triggered only once the ransomware has started encrypting files, so some data is always lost before the attack is blocked. The experts demonstrated, however, that it is possible to stop the malware after it has encrypted only about 0.2 percent of the files on the infected machine.

The technique relies on three primary indicators of ransomware activity:

  • Bulk modification of file types: the content-based type of a file (for example a PDF or a ZIP archive recognised by its magic bytes) changes when the file is written back, and this happens to many files in a row;
  • Dissimilarity: the written file looks nothing like the plaintext it replaced. This, after all, is a characteristic of any sound encryption;
  • Entropy: encryption should produce consistently high-entropy output, close to the 8 bits per byte of random data, whereas documents, images and office files sit well below that.

The researchers also identified so-called secondary indicators that support the primary ones, including deleting files in bulk and file-type funnelling, i.e. a process that reads many different types of file but writes out only one or two types.

The analysis of file modifications was conducted using a tool called sdhash, a similarity-digest tool which, given the original file and the version written back by the suspicious process, returns a similarity score between the two. A score close to zero means the new content bears no resemblance to the old one.

The tests confirmed that the technique is able to contain the action of the ransomware: Crypto Drop detected every sample it was run against, with a median loss of only 10 files out of a total of 5,099 (0.2 percent) before the malware was stopped.

The table below includes the results of the tests conducted with Crypto Drop against the principal ransomware families.

crypto drop ransomware results

It is important to clarify that Crypto Drop is not a fully automated system: it requires the user's interaction to distinguish legitimate activity that produces the same indicators (for example compressing or encrypting files with a common archiving tool, which also replaces readable content with high-entropy data of a different type) from a ransomware attack.
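To make the three primary indicators concrete, the following is an added example written for this page; it is not the researchers' CryptoDrop code and makes several simplifying assumptions: Jaccard similarity over byte 4-grams stands in for sdhash, the thresholds (7.0 bits per byte, a similarity score of 10, an alert score of 5) are chosen for the demo rather than taken from the paper, the document corpus is constructed, and the "ransomware" writer is simulated by overwriting each file with uniformly random bytes. Three processes write the same corpus: an editor appending a line, the simulated ransomware, and a legitimate gzip archiver. The per-process union score flags the ransomware after two files, leaves the editor alone, and, as the paragraph above warns, also flags the archiver, which is exactly the case that needs a human decision.

```python
"""Toy CryptoDrop-style write monitor (added illustration, not the authors' code)."""
import gzip
import math
import random
from collections import Counter

# Thresholds are assumptions chosen for this demo, not values from the paper.
ENTROPY_THRESHOLD = 7.0    # bits per byte; ciphertext and random data sit near 8.0
SIMILARITY_THRESHOLD = 10  # 0..100 score; below this a write counts as "dissimilar"
ALERT_SCORE = 5            # per-process union score at which the process is flagged

MAGIC = [(b"%PDF", "pdf"), (b"\x89PNG", "png"), (b"PK\x03\x04", "zip"), (b"\x1f\x8b", "gzip")]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_type(data: bytes) -> str:
    """Content-based type: magic bytes first, then a UTF-8 check for plain text."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary"


def similarity(a: bytes, b: bytes, n: int = 4) -> int:
    """Jaccard similarity over byte n-grams, scaled 0..100 (a cheap stand-in for sdhash)."""
    ga = {a[i:i + n] for i in range(len(a) - n + 1)}
    gb = {b[i:i + n] for i in range(len(b) - n + 1)}
    if not ga and not gb:
        return 100
    return 100 * len(ga & gb) // len(ga | gb)


def indicators(before: bytes, after: bytes) -> dict:
    """The three primary indicators evaluated for one file write."""
    return {
        "type_change": file_type(before) != file_type(after),
        "dissimilar": similarity(before, after) < SIMILARITY_THRESHOLD,
        "high_entropy": shannon_entropy(after) > ENTROPY_THRESHOLD,
    }


class ProcessMonitor:
    """Accumulates a union score over one process's writes; alerts at ALERT_SCORE."""

    def __init__(self):
        self.score = 0
        self.writes = 0
        self.alert_after = None  # files written (i.e. lost) before the alert fired

    def observe(self, before: bytes, after: bytes) -> dict:
        hits = indicators(before, after)
        self.writes += 1
        self.score += sum(hits.values())
        if self.alert_after is None and self.score >= ALERT_SCORE:
            self.alert_after = self.writes
        return hits

    def flagged(self) -> bool:
        return self.alert_after is not None


# --- constructed corpus and three simulated writers --------------------------
VOCAB = ("invoice quarter budget meeting customer report forecast shipment contract "
         "review agenda payroll supplier ledger approval deadline summary estimate "
         "schedule proposal").split()
_CIPHER_RNG = random.Random(1234)  # deterministic stand-in for a ransomware keystream


def build_corpus(n_files: int = 6, words: int = 400, seed: int = 7) -> dict:
    """Constructed plain-text documents made of random words from VOCAB."""
    rng = random.Random(seed)
    return {f"doc{i}.txt": " ".join(rng.choice(VOCAB) for _ in range(words)).encode()
            for i in range(n_files)}


def editor_write(data: bytes) -> bytes:
    """Legitimate edit: the user appends one line; type, content and entropy barely move."""
    return data + b"\nReviewed by accounting.\n"


def ransomware_write(data: bytes) -> bytes:
    """Simulated encryption: the file is replaced by uniformly random bytes of equal length."""
    return bytes(_CIPHER_RNG.getrandbits(8) for _ in range(len(data)))


def archiver_write(data: bytes) -> bytes:
    """Legitimate compression in place: new type, dissimilar and high entropy, like ransomware."""
    return gzip.compress(data, mtime=0)


def run(writer) -> ProcessMonitor:
    """Feed every file of the corpus through one writer and return its monitor."""
    mon = ProcessMonitor()
    for data in build_corpus().values():
        mon.observe(data, writer(data))
    return mon


if __name__ == "__main__":
    for name, writer in [("editor", editor_write), ("ransomware", ransomware_write),
                         ("archiver", archiver_write)]:
        mon = run(writer)
        print(f"{name:10s} score={mon.score:2d} flagged={mon.flagged()} "
              f"files lost before alert={mon.alert_after}")
```

The score is deliberately a union of indicators rather than a single test: any one of them fires on benign activity (saving a PNG changes entropy, a big rewrite is dissimilar), but a process that trips all three on file after file is behaving like ransomware. The archiver run shows the limit of that reasoning and why the system hands the final decision to the user.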

Stay Tuned!


Pierluigi Paganini

(Security Affairs – Crypto Drop, ransomware)