posted by Fnord666 on Sunday May 17 2020, @02:06AM
from the novel-approach dept.

Software developed by SMU stops ransomware attacks:

Engineers from SMU's Darwin Deason Institute for Cybersecurity have developed software that detects ransomware attacks before attackers can inflict catastrophic damage.

[...] Unlike existing methods, such as antivirus software or other intrusion detection systems, SMU's new software works even if the ransomware is new and has not been used before.

SMU's detection method is known as sensor-based ransomware detection because the software doesn't rely on information from past ransomware infections to spot new ones on a computer. In contrast, existing technology needs signatures of past infections to do its job.

"With this software we are capable of detecting what's called zero-day ransomware because it's never been seen by the computer before," said Mitch Thornton, executive director of the Deason Institute and professor of electrical and computer engineering in SMU's Lyle School of Engineering. "Right now, there's little protection for zero-day ransomware, but this new software spots zero-day ransomware more than 95 percent of the time."

[...] "The results of testing this technique indicate that rogue encryption processes can be detected within a very small fraction of the time required to completely lock down all of a user's sensitive data files," Taylor noted. "So the technique detects instances of ransomware very quickly and well before extensive damage occurs to the victim's computer files."

[...] SMU's software functions by searching for small, yet distinguishable changes in certain sensors that are found inside computers to detect when unauthorized encryptions are taking place.

[...] Use of the computer's own devices to spot ransomware "is completely different than anything else that's out there," Taylor said.


  • (Score: 1) by RandomFactor (3682) on Sunday May 17 2020, @04:13AM (#995241) (1 child)

    That was my first thought also. Your encryption and compression, bad guy's encryption. How's a sensor to know the difference?

    I suppose if they can do it securely they could toss an alert up and you have to disable the software for a time period.

    --
    There is no news in Pravda, and no truth in Izvestia
  • (Score: 1, Interesting) by Anonymous Coward on Monday May 18 2020, @12:17AM (#995527)

    Right. This is a heuristic. It will have false positives in real use cases and false negatives (5%) also. It will also be subject to counter-counterattack from ransomware, which might null out instead of encrypting if this countermeasure is detected, or might aim to disable this countermeasure before running and being spotted, or might adjust encryption computation (e.g. using the GPU, less efficient but 'system noise'-indistinguishable software routines, and so on).

    Practically, the heuristic of large-scale "reads A, deletes A and writes B" or "overwrites" events would pair well with this.
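The "reads A, deletes A and writes B" / "overwrites" heuristic the comment above proposes can be prototyped as a sliding-window rule over file-system events. The Python below is an added example written for this page; it is not SMU's sensor-based detector and not code from anyone in the thread. The event format, the pids and paths in the sample log, the class name `ReplaceHeuristic`, and the window and threshold values are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Event:
    ts: float   # seconds; assumed non-decreasing within a pid
    pid: int
    op: str     # "read", "write" or "delete"
    path: str


# Constructed sample log (hypothetical pids and paths, not real telemetry).
SAMPLE_EVENTS = """
# ts   pid  op     path
# pid 1001: user archives photos: many reads, one new file, no deletes
0.10 1001 read   /home/u/photos/p1.jpg
0.11 1001 read   /home/u/photos/p2.jpg
0.12 1001 read   /home/u/photos/p3.jpg
0.13 1001 read   /home/u/photos/p4.jpg
0.20 1001 write  /home/u/photos.zip
# pid 3003: editor saves one document in place
0.50 3003 read   /home/u/notes.md
0.90 3003 write  /home/u/notes.md
# pid 4242: ransomware-like read -> delete -> write-new on five documents
1.00 4242 read   /home/u/docs/f1.txt
1.01 4242 delete /home/u/docs/f1.txt
1.02 4242 write  /home/u/docs/f1.txt.locked
1.10 4242 read   /home/u/docs/f2.txt
1.11 4242 delete /home/u/docs/f2.txt
1.12 4242 write  /home/u/docs/f2.txt.locked
1.20 4242 read   /home/u/docs/f3.txt
1.21 4242 delete /home/u/docs/f3.txt
1.22 4242 write  /home/u/docs/f3.txt.locked
1.30 4242 read   /home/u/docs/f4.txt
1.31 4242 delete /home/u/docs/f4.txt
1.32 4242 write  /home/u/docs/f4.txt.locked
1.40 4242 read   /home/u/docs/f5.txt
1.41 4242 delete /home/u/docs/f5.txt
1.42 4242 write  /home/u/docs/f5.txt.locked
"""


def parse_events(text):
    """Parse 'ts pid op path' lines, skipping blanks and '#' comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, pid, op, path = line.split(maxsplit=3)
        events.append(Event(float(ts), int(pid), op, path))
    return events


class ReplaceHeuristic:
    """Flag a process that, inside a sliding window, replaces (read, delete,
    write elsewhere) or overwrites (read, then write in place) at least
    `threshold` distinct files. Hypothetical name and default thresholds."""

    def __init__(self, window_s=10.0, threshold=4):
        self.window_s = window_s
        self.threshold = threshold
        self._reads = defaultdict(dict)     # pid -> {path: ts of last read}
        self._deleted = defaultdict(dict)   # pid -> {path: ts of delete-after-read}
        self._victims = defaultdict(deque)  # pid -> deque of (ts, replaced path)
        self.alerts = {}                    # pid -> ts of first alert

    def _expire(self, pid, now):
        """Drop per-pid state older than the window so bursts, not totals, count."""
        cutoff = now - self.window_s
        for table in (self._reads[pid], self._deleted[pid]):
            for path in [p for p, t in table.items() if t < cutoff]:
                del table[path]
        victims = self._victims[pid]
        while victims and victims[0][0] < cutoff:
            victims.popleft()

    def feed(self, ev):
        """Consume one event; return the pid's first alert time, or None."""
        self._expire(ev.pid, ev.ts)
        reads, deleted = self._reads[ev.pid], self._deleted[ev.pid]
        if ev.op == "read":
            reads[ev.path] = ev.ts
        elif ev.op == "delete":
            # A file that was read and then deleted is a pending "replace".
            if reads.pop(ev.path, None) is not None:
                deleted[ev.path] = ev.ts
        elif ev.op == "write":
            victim = None
            if ev.path in reads:            # in-place overwrite of a file just read
                victim = ev.path
                del reads[ev.path]
            elif deleted:                   # new file after read+delete: replacement
                victim = min(deleted, key=deleted.get)
                del deleted[victim]
            if victim is not None:
                victims = self._victims[ev.pid]
                victims.append((ev.ts, victim))
                if len({p for _, p in victims}) >= self.threshold:
                    self.alerts.setdefault(ev.pid, ev.ts)
        return self.alerts.get(ev.pid)


def detect(text, window_s=10.0, threshold=4):
    """Run the heuristic over an event log; return {pid: first alert ts}."""
    h = ReplaceHeuristic(window_s, threshold)
    for ev in parse_events(text):
        h.feed(ev)
    return dict(h.alerts)


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))  # {4242: 1.32}
```

With the defaults, only pid 4242 trips the rule, on its fourth replaced file; the archiver and the editor stay under the threshold. The window matters as much as the count: a threshold of 2 with a 50 ms window never fires on this log, because each replacement ages out before the next one lands. The false-positive concern raised earlier in the thread is visible in the same code: an archiver or user-side encryption tool that deletes its originals after reading them produces exactly the read/delete/write sequence this rule keys on, which is why a heuristic like this is a companion signal for a sensor-based detector rather than a replacement for one.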