
CryptoDrop Gives Users Hope to Prevent Ransomware Infections in the Future


vissha


 


 

CryptoDrop can detect and stop ransomware infections after these threats encrypt around 10 files on the user's PC

 

Quote

In the near future, there might be a simple way to stop ransomware infections from locking your files, if we are to believe a team of researchers from the University of Florida and Villanova University.

 

This team presented the CryptoDrop project to the world at the recently concluded IEEE International Conference on Distributed Computing Systems that took place on June 29 in Nara, Japan.

 

CryptoDrop is a computer application currently working only on Windows that keeps an eye on the user's filesystem for signs and operations specific to ransomware infections.

 

This includes a surge in encryption operations, a drop in available entropy (random data, used to power encryption operations), file type changes (ransomware changes file type extensions), and a few others.

 

CryptoDrop can halt encryption-heavy OS processes

 

When CryptoDrop makes a detection, it will stop the process and alert the user that something suspicious is happening.

 

The application is not designed to work like an antivirus but alongside one. The researchers say that CryptoDrop will not be able to detect or stop ransomware before encrypting files, but after it already started, so using a powerful antivirus software is still recommended, in order to prevent and block common ransomware threats from taking root on a PC, to begin with.

 

The good news is that, during testing on a computer with 5,100 available files, CryptoDrop detected and stopped ransomware infections in its early stages.

 

They tested their system against 492 ransomware variants, got a 100 percent true positive rate, and ransomware families encrypted on average around ten files before being detected and stopped.

 

That's around 0.2 percent of the whole files available on the target computer, which is more than acceptable for any user who knows how crippling ransomware can really be.

 

CryptoDrop is similar to Cryptostalker, but for Windows

 

The project is similar to what Sean Williams had built this winter via his Cryptostalker project, which worked in a similar way, but for Linux systems. Just like Cryptostalker, CryptoDrop has issues with false positives at the process level, as the researchers explain.

 

"CryptoDrop is unable to determine the intent of the changes it inspects. For example, it cannot distinguish whether the user or ransomware is encrypting a set of documents," the research team notes. "As a result, we expect that programs such as GPG and PGP, compression applications, and other applications which perform similar transformations will cause a CryptoDrop detection when applied to many user documents."

 

More details can be found in the research paper presented at the IEEE conference, called CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data.

 

The research team adds it's looking for partners to commercialize CryptoDrop and make it publicly available.

 

 

Source

3 hours ago, vissha said:

They tested their system against 492 ransomware variants, got a 100 percent true positive rate, and ransomware families encrypted on average around ten files before being detected and stopped.

 

My system stops all malware, doesn't allow any files to be changed on the system, doesn't require any additional software to be installed, and I have been using it for many years.  For those that want a software solution there are some available, such as CryptoPrevent.

 

3 hours ago, vissha said:

The research team adds it's looking for partners to commercialize CryptoDrop and make it publicly available.

 

Which means they are going to charge for it, so you would have to purchase it.  CryptoPrevent, for example, is free.  My solution, as I have shared many times on this forum, is free.



SnakeMasteR

There is CryptoPrevent Premium.

Which offers automatic updates to the program and definitions, email alerts, and customized prevention rules for a one time payment.

Another commercial solution is HitmanPro.Alert with CryptoGuard.



Researchers of the University of Florida have developed a new solution that aims to stop ransomware. In a test, the method, called CryptoDrop, was able to detect and stop 100% of all 492 tested ransomware variants. The system works by detecting when malware tries to encrypt multiple files. After an application has encrypted a certain number of files, CryptoDrop will consider it as ransomware and stop it from further encrypting files.

 

CryptoDrop is not developed to prevent ransomware infections but instead to limit the damage as much as possible. In tests the software started to do its job when an average of 10 of 5100 files on the test computer were encrypted by ransomware. CryptoDrop prevented the ransomware from encrypting all files on the computer, which saves potential victims from paying a ransom. According to the researchers, the damage of a ransomware infection is limited to the user losing a handful of documents when CryptoDrop does its work properly.

 

The technology works by monitoring the files on the computer, which is different from most other malware detection software. These usually monitor for applications that modify files. CryptoDrop instead recognizes suspicious file activity and then stops the responsible process. The system therefore monitors for overwriting, moving and replacing of files. Ransomware usually performs these operations while legitimate software hardly ever does.

 

This way CryptoDrop is able to detect and stop ransomware before a lot of files are lost. The researchers hope that this way users no longer need to pay a ransom, which makes ransomware less financially attractive to cybercriminals. In the end they hope it will end the current wave of ransomware infections.

The researchers have a working prototype for Windows and are currently looking for a partner to make it available on the market.

 

Article source


 


Crypto Drop architecture

 


Ransomware families tested against Crypto Drop

 

Florida U boffins think they've defeated all ransomware
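As an added illustration of the indicators both quoted articles describe (file type changes, an entropy signal, and a per-process count of affected files), here is a small simulation; it is not CryptoDrop's code and does not come from either article. The `Monitor` class, the thresholds, the process IDs and the sample documents are assumptions constructed for the example, and the entropy signal is taken here to be a rise in the byte entropy of a rewritten file.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed, illustrative magic-byte table; a real monitor would use a full type library.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\xff\xd8\xff": "jpeg"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def file_type(data: bytes) -> str:
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    printable = all(32 <= b < 127 or b in (9, 10, 13) for b in data[:256])
    return "text" if printable else "unknown"

class Monitor:
    """Counts, per process, rewrites that change the file type and raise entropy."""
    def __init__(self, entropy_jump=2.0, file_limit=10):  # assumed thresholds
        self.entropy_jump, self.file_limit = entropy_jump, file_limit
        self.suspicious = defaultdict(set)  # pid -> paths that looked encrypted
        self.halted = set()

    def on_rewrite(self, pid: int, path: str, before: bytes, after: bytes) -> bool:
        """Record one overwrite; return True once the process should be halted."""
        type_changed = file_type(before) != file_type(after)
        jumped = entropy(after) - entropy(before) >= self.entropy_jump
        if type_changed and jumped:
            self.suspicious[pid].add(path)
        if len(self.suspicious[pid]) >= self.file_limit:
            self.halted.add(pid)
        return pid in self.halted

def fake_ciphertext(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file."""
    blocks = (hashlib.sha256(seed + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def demo():
    docs = {f"doc{i}.txt": (f"Quarterly report {i}\n" * 40).encode() for i in range(30)}
    mon = Monitor()
    editor_flagged = any(mon.on_rewrite(100, p, d, d + b"one more line\n") for p, d in docs.items())
    files_rewritten = 0
    for path, data in docs.items():  # pid 200 bulk-encrypts, like ransomware or batch GPG
        files_rewritten += 1
        if mon.on_rewrite(200, path, data, fake_ciphertext(path.encode(), len(data))):
            break
    return editor_flagged, files_rewritten
```

`demo()` returns `(False, 10)`: the process that only appends text is never flagged, while the bulk-encrypting process is halted on its tenth file. A legitimate batch encryption run would be halted in the same way, which is the false-positive case the researchers describe for GPG and PGP.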



It's not a similar topic, it's the same topic, so it's posted; no need to report because batusixnine can fix it himself.



Archived

This topic is now archived and is closed to further replies.
