Extortion Extinction: Researchers Develop a Way to Stop Ransomware

by Steve Orlando, University of Florida News

Ransomware – what hackers use to encrypt your computer files and demand money in exchange for freeing those contents – is an exploding global problem with few solutions, but a team of University of Florida researchers says it has developed a way to stop it dead in its tracks.  The answer, they say, lies not in keeping it out of a computer but rather in confronting it once it’s there and, counter intuitively, actually letting it lock up a few files before clamping down on it.

Ransomware attacks have become one of the most urgent problems in the digital world. The FBI issued a warning in May saying the number of attacks has doubled in the past year and is expected to grow even more rapidly this year.  It said it received more than 2,400 complaints last year and estimated losses from such attacks at $24 million last year for individuals and businesses.

University of Florida (UF) researchers have developed CryptoDrop, a system they say can thwart ransomware. CryptoDrop does not prevent ransomware from starting, but it prevents malware from completing its task.

“So you lose only a couple of pictures or a couple of documents rather than everything that’s on your hard drive, and it relieves you of the burden of having to pay the ransom,” says UF doctoral student Nolen Scaife, a founding member of UF’s Florida Institute for Cybersecurity Research.

The UF team describes CryptoDrop as an early-warning system, and says its results have been impressive. During a run against several hundred ransomware samples that were live, CryptoDrop detected 100 percent of the samples, and it did so after only an average of 10 files were encrypted, according to Scaife.

The team also says CryptoDrop works seamlessly with antivirus software. “About one-tenth of 1 percent of the files were lost, but the advantage is that it’s flexible,” says UF professor Patrick Traynor. “We don’t have to wait for that antivirus update. If you have a new version of your ransomware, our system can detect that.”  Read the article