CryptoDrop Aborts Ransomware Infection Prior to 100% File Encryption

University of Florida researchers during a test have developed CryptoDrop a method for stopping ransomware by detecting the malware before it fully encrypts all files on the host PC. The researchers' test found that CryptoDrop successfully halted the entire 492 ransomware samples put to test from doing their cent percent malicious operations. The solution involves identifying the malware when it attempts at encrypting a certain number of files. Once the ransomware variant encrypts multiple files CryptoDrop will recognize the malware and prevent it from doing any more encryption.

At present, CryptoDrop is an effective solution solely for Windows computers which remains watchful of the end-user's directories and folders to detect indications and activities particularly of ransomware potentially infecting the system. These comprise an onslaught of encryption operations, existing entropy that's referred to random data utilized for boosting encryption activity, alterations in file type as ransom software overwrites file extensions, along with some more of similar behaviors.

CryptoDrop isn't meant for halting ransomware infections rather it restricts the damage to the maximum possible. During the researchers' tests, the computer application began doing its task at the time a mean of 10 files from a total 5,100 that were contained in the test PC underwent ransomware's encryption. CryptoDrop stopped encryption of the entire stock of files that would aid potential victims not to make any ransom payment. Consequently, the researchers explain, the ransomware's damage is only to the extent of the end-user losing a few files if CryptoDrop performs its function properly. Myce.com posted this dated July 11, 2016.

The researchers' trial of the CryptoDrop software against the 492 ransomware samples yielded result that was 100% true positive. Unlike the majority of other malware identification programs, CryptoDrop's method involves monitoring of the PC folders. The former normally look for applications which alter the content of files, while CryptoDrop picks up dubious file activity followed with halting the process behind it. Thus, CryptoDrop essentially monitors activities such as moving, overwriting or substitution of files.

The researchers' group states it's seeking partners for making CryptoDrop obtainable to the general public over a commercial value.

» SPAMfighter News - 7/15/2016