CDSA

Academics Build Early-Warning Ransomware Detection System (Threat Post)

[svg-table-content]

While most of the discussion around ransomware is rightly so about the unabated stampede of new strains and variations on existing samples, relatively little discourse focuses on detection beyond antivirus and intrusion prevention systems.

Some generic ransomware detection systems for Windows and OS X exist, but many of those are signature-based or have other limitations that make them fairly trivial to bypass.

A team of researchers from the University of Florida and the Villanova University believe they have a built a better mousetrap, one that focuses on how ransomware transforms data rather than the execution of malicious code. Their utility is called CryptoDrop, and in a test against nearly 500 real-world ransomware samples from 14 distinct families, it detected 100 percent of attacks with relatively little file loss (a median loss of 10 files).