Thursday, July 21st, 2016

What is CryptoDrop and can it stop Ransomware?

Ransomware is exactly what the name says: malicious software that, once installed on a victim’s computer, encrypts the victim’s data and demands payment in exchange for the decryption key. It is becoming a huge problem globally. According to the FBI, victims in the US paid more than $209 million in ransoms in the first three months of 2016 alone, compared with $25 million in all of 2015.

Researchers at the University of Florida have developed a new tool that aims to stop ransomware. Their solution, called CryptoDrop, is a detection system for encryption activity. The researchers describe it as an early-warning system for ransomware infections: rather than preventing the ransomware from running at all, it recognises when a process on the machine is behaving like ransomware and stops that process from continuing. This way you lose only a few pictures or documents rather than everything on your hard drive, and you are relieved of the burden of having to pay the ransom. CryptoDrop works by watching file writes for signs of encryption, such as file contents turning into high-entropy (random-looking) data, along with a few other red flags such as changes in file type, and counting how many files a single process has modified in these suspicious ways.

But does it work?

In tests, CryptoDrop spotted 100% of the ransomware samples it was run against and stopped them after a median of 10 files had been encrypted, according to the University of Florida researchers.

The main drawback of the technique at present is the possibility of false positives. “CryptoDrop is unable to determine the intent of the changes it inspects,” the researchers explain in their paper. “For example, it cannot distinguish whether the user or ransomware is encrypting a set of documents.” Consequently, legitimate programs that rewrite many files in a way that looks like encryption, such as a file-encryption or compression tool run over a whole folder, may trigger CryptoDrop alerts when used.
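The following Python script is an added example, not CryptoDrop’s own code and not taken from the researchers’ paper. It models the detection idea described above and the false-positive problem in the quote: every overwrite of a file is scored on whether the new contents are high-entropy where the old were not, and on whether the file’s type (judged by its magic bytes) changed; a per-process counter accumulates suspicious writes, and the process is flagged once the counter reaches a threshold. The class name `CryptoDropLite`, the threshold of 10, the entropy cut-offs, the toy SHA-256 counter-mode stream cipher standing in for the malware’s real cipher, and the victim documents under `C:/Users/alice/Documents` are all constructed assumptions for the demo.

```python
import hashlib
import math
from collections import Counter, defaultdict

HIGH_ENTROPY = 7.0     # bits per byte; encrypted or compressed data sits near 8.0 (assumed cut-off)
ENTROPY_DELTA = 2.0    # how much a write must raise entropy to count as "encrypted now" (assumed)
ALERT_THRESHOLD = 10   # assumed: suspicious writes by one process before it is flagged

# Magic bytes for a few common document types (constructed subset for the demo)
MAGIC = {b"%PDF": "pdf", b"\x89PNG": "png", b"PK\x03\x04": "zip", b"GIF8": "gif"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_type(data: bytes) -> str:
    """Classify by magic number; printable ASCII is 'text', anything else 'unknown'."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data[:512]):
        return "text"
    return "unknown"


class CryptoDropLite:
    """Per-process early-warning scorer over file overwrites (hypothetical name)."""

    def __init__(self, threshold: int = ALERT_THRESHOLD):
        self.threshold = threshold
        self.score = defaultdict(int)   # pid -> number of suspicious writes seen
        self.flagged = set()

    @staticmethod
    def indicators(old: bytes, new: bytes) -> list:
        """Red flags raised by replacing `old` with `new`: type change and/or entropy rise."""
        hits = []
        if file_type(old) != file_type(new):
            hits.append("type-change")
        e_old, e_new = shannon_entropy(old), shannon_entropy(new)
        if e_new >= HIGH_ENTROPY and e_new - e_old >= ENTROPY_DELTA:
            hits.append("entropy-rise")
        return hits

    def observe(self, pid: int, path: str, old: bytes, new: bytes) -> str:
        """Score one overwrite of `path` by `pid`; returns 'ok', 'alert' or 'blocked'."""
        if pid in self.flagged:
            return "blocked"            # a real agent would suspend or kill the process here
        if self.indicators(old, new):
            self.score[pid] += 1        # one suspicious write, however many indicators fired
        if self.score[pid] >= self.threshold:
            self.flagged.add(pid)
            return "alert"
        return "ok"


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for the malware's cipher.
    Demo only: it produces random-looking output but is not a cipher to use for real."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def sample_documents(n: int) -> dict:
    """Constructed victim files: low-entropy text notes and PDF-like reports."""
    docs = {}
    for i in range(n):
        body = (f"Invoice {i:04d}: quarterly figures and customer notes.\n" * 60).encode()
        if i % 3 == 0:
            docs[f"C:/Users/alice/Documents/report{i}.pdf"] = b"%PDF-1.4\n" + body
        else:
            docs[f"C:/Users/alice/Documents/note{i}.txt"] = body
    return docs


def simulate(detector: CryptoDropLite, pid: int, docs: dict, transform) -> tuple:
    """Apply `transform` to each file in turn; return (files written before the verdict, verdict)."""
    written = 0
    for path, old in docs.items():
        written += 1
        if detector.observe(pid, path, old, transform(old)) == "alert":
            return written, "alert"
    return written, "no alert"


if __name__ == "__main__":
    docs = sample_documents(30)
    print("ransomware:", simulate(CryptoDropLite(), 4242, docs, lambda b: keystream_xor(b, b"ransom-key")))
    print("user encrypting own files:", simulate(CryptoDropLite(), 7, docs, lambda b: keystream_xor(b, b"users-own-key")))
    print("ordinary edits:", simulate(CryptoDropLite(), 8, docs, lambda b: b + b"\nEdited by alice\n"))
```

Run as a script, the first case loses exactly `ALERT_THRESHOLD` files before the process is stopped, which is the "lose a few documents rather than everything" trade-off. The second case is the false positive from the quote: the detector only sees entropy and type changes, so a user encrypting their own folder is flagged just as fast as the malware. Ordinary edits to the same files never raise an indicator, so the counter stays at zero.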

The UF team currently has a prototype that works on Windows systems and is seeking a commercial partner to distribute the software to the public.

Security experts acknowledge that CryptoDrop is not a silver bullet for ransomware as a whole; however, it is a step in the right direction. In the meantime, our security experts at Smarttech offer five tips for protecting your organisation against ransomware.

  1. Back up your files on a regular basis

The best way to ensure you do not lose your files to ransomware is to back them up regularly. Storing the backup separately is just as important: some ransomware variants delete Windows Volume Shadow Copies as a further tactic to prevent recovery, and any backup that is reachable as a writable drive or share from the infected machine can be encrypted along with the originals. Keep a copy offline, or otherwise out of reach of the systems it protects, and test that you can actually restore from it.

  2. Perform regular software and security updates

All applications ship with bugs and vulnerabilities. It is critical to ensure that your operating system and applications are kept up to date, patched and monitored. This gives you the best chance of avoiding exploitation through drive-by download attacks and vulnerabilities in commonly targeted software (particularly Adobe Flash, Microsoft Silverlight and web browsers), which are well-known routes for installing ransomware.

  3. Browse and email responsibly!

Practise safe browsing to reduce the risk of drive-by attacks. Most ransomware arrives via spam email, either through links the recipient clicks or as attachments. A good email security scanner will also proactively block links to compromised or malicious websites and binary attachments that lead to ransomware.

  4. Stop using easy passwords

Most people use simple passwords, and the same password across multiple websites, which is a major vulnerability: a password guessed or stolen in one place gives an attacker a way into other accounts and systems, including remote-access services from which ransomware can be deployed by hand. Use complex, unique passwords, change them frequently, and change them immediately if you suspect they have been exposed. Some best practices for choosing a complex password:

  • Use a mixture of upper- and lowercase letters (passwords are case sensitive), numbers and symbols.
  • Pick something obscure:
    • an odd character in an otherwise familiar term
    • a combination of two unrelated words
    • two words separated by a punctuation mark or other non-alphanumeric character

  5. Install a firewall – block Tor and I2P, and restrict outbound traffic to specific ports

Preventing the malware from reaching its call-home (command-and-control) server over the network can disarm an active ransomware variant, because some families fetch their encryption key or instructions from that server before they start encrypting. Blocking connections to Tor and I2P nodes at the firewall, and allowing outbound traffic only on the ports your organisation actually needs, is therefore an effective measure. On file servers, use file-screening software that blocks or alerts on writes to shares matching known ransomware patterns, such as the file extensions and ransom-note file names a variant leaves behind, to limit encryption of shared data.

The conclusion is that the best cure for ransomware is rigorous prevention. Once a company falls prey and gets infected, the options may be limited, expensive and unpleasant. If you want more advice on how to prevent or remediate ransomware attacks, contact our security experts today!

    Copyright Smarttech247 - 2021