New software can ‘sense’ and detect Ransomware


New software developed by SMU’s Darwin Deason Institute for Cybersecurity enables existing PC/laptop sensors to detect any ransomware

Ransomware is emerging as the biggest threat vector not only for companies but also for individuals. In recent weeks we have seen exponential growth in ransomware attacks on companies like Stadler. Cybercriminals are targeting hospitals and healthcare firms working with coronavirus pandemic patients. We have also seen a change of tactics by ransomware authors, such as Axo ransomware, which demands two ransoms. The FBI estimates that ransomware victims have paid hackers more than $140 million in the last six-and-a-half years.

The top anti-virus software detects ransomware, but only after it has been identified and its signatures are available to the AV firms. Now researchers from SMU’s Darwin Deason Institute for Cybersecurity have developed new software that uses your PC/laptop’s existing sensors to detect ANY ransomware.

SMU’s software differs from existing ransomware detection methods, such as antivirus software or other intrusion detection systems, in that it uses sensors to detect the ransomware. The good news is that SMU’s new software works even if the ransomware is new and has not been used before.

What is the sensor detection that SMU’s software relies on for ransomware detection?

SMU’s detection method is known as sensor-based ransomware detection because the software doesn’t rely on information from past ransomware infections to spot new ones on a computer. Current anti-virus and anti-intrusion software needs signatures of past infections to detect and identify ransomware. SMU’s software instead uses the sensors already available on the PC/laptop to scan for and identify the ransomware.

With this software we are capable of detecting what’s called zero-day ransomware because it’s never been seen by the computer before. Right now, there’s little protection for zero-day ransomware, but this new software spots zero-day ransomware more than 95 percent of the time.

Mitch Thornton

SMU’s software scans computers faster

SMU says that its new software scans computers and laptops faster than the existing AV software.

“The results of testing this technique indicate that rogue encryption processes can be detected within a very small fraction of the time required to completely lock down all of a user’s sensitive data files,” Taylor noted. “So the technique detects instances of ransomware very quickly and well before extensive damage occurs to the victim’s computer files.”

Mike Taylor

How does SMU’s software detect ransomware?

Normally, ransomware infects the victim’s PC/laptop through a phishing email or text. Once the victim executes the ransomware by clicking on the link, its payload encrypts the files on the PC/laptop without the victim’s knowledge. Once it has encrypted all the files, it alerts the victim to pay a ransom, typically in a non-traceable currency such as bitcoins, in order to receive the key to decrypt their files. It also warns the victim that if they do not pay the ransom within a certain time period, the decryption key will be destroyed and they will lose their data.

SMU’s software uses a novel way to detect ransomware. The software functions by searching for small, yet distinguishable changes in certain sensors that are found inside computers to detect when unauthorized encryptions are taking place.

When attackers encrypt files, certain circuits inside the computer have specific types of power surges as files are encrypted. Computer sensors that measure temperature, power consumption, voltage levels, and other characteristics can detect these specific types of surges. The SMU software taps into these particular changes to identify ransomware intrusion.

As soon as the software detects a ransomware intrusion, it alerts the victim to suspend or terminate the ransomware infection before it completes the encryption process.
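The article does not describe SMU’s actual algorithm, so the following is an added illustration, not SMU’s code: it uses a standard CUSUM change detector to show how a sustained shift in sensor readings can be told apart from idle jitter and a brief spike. The sensor names, the readings and the tuning values are all constructed assumptions.

```python
from statistics import mean, stdev

SENSORS = ("power_w", "temp_c", "voltage_v")  # assumed sensor names

def fit_baseline(idle):
    """Per-sensor (mean, stdev) learned while the machine is known to be clean."""
    return {s: (mean(r[s] for r in idle), stdev(r[s] for r in idle)) for s in SENSORS}

def first_alarm(baseline, stream, slack=0.5, threshold=6.0):
    """Two-sided CUSUM per sensor; returns (index, sensor) of the first alarm or None.

    slack absorbs ordinary jitter and short spikes; threshold is how much
    accumulated deviation (in standard deviations) counts as a sustained shift.
    """
    up = dict.fromkeys(SENSORS, 0.0)
    down = dict.fromkeys(SENSORS, 0.0)
    for i, reading in enumerate(stream):
        for s in SENSORS:
            mu, sigma = baseline[s]
            z = (reading[s] - mu) / sigma
            up[s] = max(0.0, up[s] + z - slack)      # accumulates upward drift
            down[s] = max(0.0, down[s] - z - slack)  # accumulates downward drift
            if up[s] > threshold or down[s] > threshold:
                return i, s
    return None

def constructed_trace(n, load_from=None, spike_at=None):
    """Constructed sample data: idle jitter, optional one-sample spike, optional sustained load."""
    jitter = (0.0, 0.4, -0.2, 0.2, -0.4)
    trace = []
    for i in range(n):
        j = jitter[i % 5]
        loaded = load_from is not None and i >= load_from
        trace.append({
            "power_w": 15.0 + j + (1.0 if loaded else 0.0) + (1.0 if i == spike_at else 0.0),
            "temp_c": 45.0 + j + (0.5 if loaded else 0.0),
            "voltage_v": 1.10 + 0.01 * j - (0.004 if loaded else 0.0),
        })
    return trace

if __name__ == "__main__":
    base = fit_baseline(constructed_trace(20))
    # One-sample spike at index 10 is ignored; sustained load begins at index 25.
    print(first_alarm(base, constructed_trace(40, load_from=25, spike_at=10)))
```

A real deployment would have to separate rogue encryption from legitimate heavy workloads such as backups or video encoding, which this sketch does not attempt.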

Use of the computer’s own devices to spot ransomware “is completely different than anything else that’s out there.”

Mike Taylor

SMU’s software’s intrusion detection engine is indeed novel. If it works, it can help millions of ransomware victims who pay anywhere from $100 to $1,000,000 to such ransomware makers.

