New Research Promises to Halt Ransomware in its Tracks

John Lister

Researchers say they've found a way of severely limiting the damage ransomware causes. Meanwhile California legislators are mulling over new laws specifically aimed at the tactic.

Ransomware involves attackers remotely installing malicious software that encrypts files and makes them inaccessible without an unlock key. In many cases, this means victims can't access the data and may be unable to use the computer at all. The attackers then demand a fee to provide the unlock key.

The tactic has led to controversy over whether victims should pay the fee, something critics say merely encourages the attacks. However, both police forces and medical centers have chosen to pay the fee, saying it was the least worst option for being able to continue with their work.

Ransomware Could Be Stopped In Tracks

A team at the University of Florida have been working on a creative way to tackle ransomware. They've decided not to adopt common approaches of trying to prevent ransomware from being installed in the first place, or trying to decrypt the files after an attack.

Instead they've designed software called CryptoDrop. The idea is to monitor a computer and look for files being unexpectedly encrypted. This triggers the software to effectively freeze the computer, stopping the encryption process. (Source: bbc.co.uk)

The theory is that if the software works quickly enough, only a handful of files will be affected. That will likely mean the victim can live with just a few files being encrypted, and thus won't have to weigh up whether to pay the ransom.
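The following sketch is an added illustration of the detect-then-halt idea, not CryptoDrop's code or its actual detection method, which the article does not describe. It assumes a byte-entropy heuristic for spotting a file that has been rewritten as ciphertext, and the thresholds, process IDs and sample files are constructed for the example.

```python
import math
import os
from collections import Counter

# Assumed thresholds for this illustration; not taken from CryptoDrop.
HIGH_ENTROPY = 7.0    # bits per byte; random or encrypted data approaches 8.0
ENTROPY_JUMP = 2.0    # minimum rise between the old and new file contents
TRIP_THRESHOLD = 3    # suspicious rewrites tolerated before a process is halted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a rewrite turns structured content into near-random bytes."""
    h_before, h_after = shannon_entropy(before), shannon_entropy(after)
    return h_after >= HIGH_ENTROPY and h_after - h_before >= ENTROPY_JUMP

class WriteMonitor:
    """Counts suspicious rewrites per process and halts one that hits the limit."""
    def __init__(self, threshold: int = TRIP_THRESHOLD):
        self.threshold = threshold
        self.suspicious = Counter()
        self.halted = set()

    def on_write(self, pid: int, before: bytes, after: bytes) -> bool:
        """Return True if the write went through, False if pid is already halted."""
        if pid in self.halted:
            return False
        if looks_encrypted(before, after):
            self.suspicious[pid] += 1
            if self.suspicious[pid] >= self.threshold:
                self.halted.add(pid)   # this write landed; later ones are refused
        return True

def simulate(n_files: int = 10):
    """Constructed scenario: pid 100 edits a file, pid 4242 rewrites every file."""
    docs = [(b"Quarterly report, section %d. " % i) * 200 for i in range(n_files)]
    monitor = WriteMonitor()
    monitor.on_write(100, docs[0], docs[0] + b"Appendix added.")  # benign edit
    # os.urandom stands in for ciphertext: same length, statistically random.
    files_lost = sum(monitor.on_write(4242, d, os.urandom(len(d))) for d in docs)
    return files_lost, monitor.halted

if __name__ == "__main__":
    print(simulate())   # files lost before the halt, and the halted pids
```

Compressing a text file produces the same entropy jump, which is why the sketch waits for several suspicious rewrites from one process before halting it rather than reacting to a single file.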

Current Laws May Be Inadequate

Meanwhile, a bill in the California state legislature would specifically target ransomware. The bill's sponsors say existing federal law doesn't always apply neatly to ransomware attacks. That's because prosecutors must either rely on extortion laws, which are difficult to enforce, or use laws designed to deal with threats to persons and property. The problem is that these laws are generally worded to deal with the threat of damage, whereas technically with ransomware the damage is caused before the attackers make their demands.

If passed, the law would allow a maximum penalty of four years in prison and a fine of up to $10,000. It appears the bill has broad political support, though it's uncertain if it will complete the legislative process by the end of the current session. (Source: latimes.com)

What's Your Opinion?

Does the CryptoDrop approach sound a sensible tactic? Can you foresee any problems? Should the California proposals to specifically criminalize ransomware attacks be adopted into federal law?


Comments

Dennis Faas

It sure would be nice to see some sort of global law passed designed to severely punish malware / ransomware developers - much more than $10,000 and 4 years in prison. But trying to catch these bad guys is like trying to find a needle in a haystack.

jack_7386

This sounds like the best approach yet. Let us know when this defense solution is available. JJA 2016-07-13

gmthomas44_4203

How is California going to enforce such a law?? Law enforcement going to travel to Bulgaria, Kazhakstan(sp?), or Nigeria to "book-em Dano"? RIGHT---

royala_5291

If the CryptoDrop is successful, and manages somehow to stay as close to proactive as it can, would be the answer. Of course that includes 'independent of network' backups which in the real world would be impossible to automate. Pricing would be the trick...

As for the CA law...just give it up. CA law may or may not be applicable anywhere but CA, and definitely not outside the US (isn't that where most of this 'stuff' originates?). Besides, more laws without the teeth to enforce them is just what we all need right now. Like there aren't enough laws on the books already that cannot and are not enforced for whatever reason, or old outdated laws that are enforced that are past ridiculous.

ferretsgold

It seems that this kind of security could be built into the operating systems. Something like -- don't allow any encryption unless authorized by a local admin user with a unique password. Or prevent any encryption unless certain credentials are provided.

Doccus

I really don't know what more I can add except that this is precisely what I have done in the past. Since often it comes via a browser page warning of "Malware!!", with only an "ok" button, wherein the encryption does not start until the button is pressed (at least that's an educated guess) I've made a point of *not* clicking OK but instead of Force Quit and reboot.
These pages are pretty nasty pieces of work, after all. The bottom line is that unless you've made continuous saves you're SOL *any* ways, so any program that continuously monitors for ransomware is a Good Thing!

funkyecat

Cryptodrop is a good start, until ransomware finds a way to bypass it.
New laws for Ransomware are needed in view of the major 'damage' (eg, Hospitals) it has caused, but the fine and imprisonment are too low.

lrusk_3060

Personally, I feel that the death penalty is appropriate for ransomware exploiters, and there should be created a special strike force to hunt them down anywhere in the world. Our society tolerates far too much crap out of worthless people who don't give a damn about decency or propriety.

mark.c.hein

While I realize the complexity of developing such an app and currently have several apps which have made mistakes in the past in diagnosing/discovering suspicious attacks, I do appreciate the complexity of keeping up with the people who use their skills for creating malicious and destructive software. However, I have, in the past, thoroughly deleted apps which (even if they've been installed for a while) cause my protection apps to send up a red flag(s) and DO eliminate them until I hear from the Antivirus, Malware app authors that the app in question was sending a false signal and will then re-install it.
I'm looking forward to having CryptoDrop available to us, the General Public soon!