CryptoDrop, an early warning system against ransomware

Subject: General Tech | July 13, 2016 - 01:29 PM |
Tagged: ransomware, CryptoDrop

Given the choice between a confirmation pop-up every time you zip numerous files at once or add encryption to a folder, or being infected with ransomware, which would you choose?  Researchers at the University of Florida and Villanova University have developed software called CryptoLock which scans your systems for three things: bulk modification of file types, a significant change in the contents of those files, and an increase in the Shannon entropy of the files.  All three indicate that a file is being encrypted, and if that is happening to numerous files in a very short period of time the software puts a halt to it until you confirm that this is expected behaviour.  You can get a quick overview over at The Register, as well as a link to the PDF of the researchers' work.
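The three indicators and the burst check described above can be sketched as follows. This is an added example, not the researchers' code: the function names, the thresholds, the position-wise similarity measure and the sample documents are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sniff_type(data: bytes) -> str:
    """Crude type detection from leading magic bytes (illustrative subset)."""
    for magic, name in ((b"%PDF", "pdf"), (b"PK\x03\x04", "zip"), (b"\x89PNG", "png")):
        if data.startswith(magic):
            return name
    return "text" if all(b < 0x80 for b in data) else "unknown"

def similarity(a: bytes, b: bytes) -> float:
    """Share of byte positions left unchanged; simple stand-in for a similarity hash."""
    return sum(x == y for x, y in zip(a, b)) / max(len(a), len(b), 1)

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """All three indicators must agree (thresholds are assumptions)."""
    return (sniff_type(before) != sniff_type(after)
            and similarity(before, after) < 0.25
            and shannon_entropy(after) - shannon_entropy(before) > 1.0)

class BurstMonitor:
    """Signals a halt when too many suspicious writes land inside a short window."""
    def __init__(self, max_hits: int = 3, window_s: float = 10.0):
        self.max_hits, self.window_s, self.hits = max_hits, window_s, []
    def observe(self, ts: float, before: bytes, after: bytes) -> bool:
        if looks_encrypted(before, after):
            self.hits.append(ts)
        self.hits = [t for t in self.hits if ts - t <= self.window_s]
        return len(self.hits) >= self.max_hits

def fake_encrypt(data: bytes) -> bytes:
    """Constructed stand-in for a cipher: XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(b"constructed-key").digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

# Constructed sample documents; no real files are read or written.
TEXT = b"Quarterly report: revenue grew in all regions this period.\n" * 60
PDF = b"%PDF-1.4\n" + TEXT

def demo() -> list:
    mon = BurstMonitor()
    writes = [(0.0, TEXT, TEXT + b"One more line.\n")]  # ordinary edit, not flagged
    writes += [(1.0 + i / 2, d, fake_encrypt(d)) for i, d in enumerate((TEXT, PDF, TEXT[::-1]))]
    return [mon.observe(ts, before, after) for ts, before, after in writes]
```

`demo()` returns one halt decision per write: the ordinary edit and the first two encrypted files pass, and the third encrypted file inside the window trips the halt.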

Sounds like a pop-up we can live with, considering the alternative.  Hopefully this will arrive on the market soon.

"Taking a “save what you can” approach, the authors of this PDF reckon in their tests they were able to lower the boom on ransomware when it had encrypted just 0.2 per cent of files on their test setup."

Source: The Register


July 13, 2016 | 01:59 PM - Posted by Anonymous (not verified)

Is it CryptoLock or CryptoDrop? Because CryptoLock is a known trojan.

July 13, 2016 | 02:25 PM - Posted by Jeremy Hellstrom

There is a reason I had CryptoLocker on the brain and was excited to see this ... good catch, I put in the right name.

July 14, 2016 | 03:19 AM - Posted by Anonymous (not verified)

...another one: " ...University have developed software called CryptoLock which..."

I jumped to download it as my firm had some issues a year ago with a crypto ransomware bugger, but it's not available yet. Can't wait.

July 14, 2016 | 02:55 AM - Posted by Anonymous (not verified)

Why not just back up your stuff, which you should do anyway? Worst case scenario, you format the hard drive and reinstall.

July 14, 2016 | 03:21 AM - Posted by Anonymous (not verified)

At home that's fine. At work it means a lot of downtime while you format or factory reset everything and recover from backup.

It's the same thing as with a regular virus: you would want to make it harder for the bugger to get loose on your network and until now, I don't think I've seen any research results in this field.

July 14, 2016 | 01:33 PM - Posted by Jeremy Hellstrom

Restoring ~1TB of server from TAPE!  Formatting a HDD is the best case scenario.
