ShieldFS can stop and reverse the effects of ransomware
Named ShieldFS, the new project is the product of 7 researchers from Politecnico di Milano University and was presented in detail at the Black Hat USA 2017 security conference.
ShieldFS scans for COW and encryption operations
According to research reports released this year, ShieldFS has a complex mechanism designed to detect COW (Copy-On-Write) activity.
A COW operation takes place when an application reads a file, copies it, modifies the copy and replaces the original file. Most ransomware variants today rely on the COW mechanism: they take the original file, encrypt its content and replace the original with the encrypted version.
ShieldFS not only detects COW activity but also looks for patterns of symmetric encryption, which is commonly used for file encryption.
Once activity of this kind is detected, ShieldFS checks it against its internal behavior models to differentiate normal processes from ransomware.
According to the researchers, ShieldFS is currently equipped with models adapted to 2245 legitimate applications, allowing it to work without causing too many false positives that would block legitimate programs.
ShieldFS is used as a file system to recover encrypted files
If ransomware is detected, ShieldFS tells the operating system to stop the process and uses its custom file system to reverse what the ransomware did.
The ShieldFS project is expected to help fight ransomware
Technically, this is possible because ShieldFS is packaged as a drop-in driver that sits on a virtual file system designed to 'shadow' COW operations: it keeps a copy of the original file for a short time, which allows a certain number of files to be restored.
ShieldFS's real-time, self-healing file system can be seen as a replacement for Volume Shadow Copies, which most ransomware variants make sure to delete before encrypting the user's files, to prevent recovery with specialized data recovery software.
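The detect-then-roll-back flow described above, as an added toy model in Python (not code from ShieldFS or its authors): an in-memory store shadows each file before a process first overwrites it and restores the shadows once that process is flagged. The entropy threshold, the rewrite limit and all names are assumptions standing in for ShieldFS's behaviour models.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_LIMIT = 7.0  # bits per byte; assumed threshold, not a ShieldFS value
REWRITE_LIMIT = 3    # assumed: suspicious overwrites tolerated before rollback

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class ShadowStore:
    """Toy in-memory file store that shadows originals per writing process."""
    def __init__(self, files):
        self.files = dict(files)
        self.shadow = defaultdict(dict)  # pid -> {path: content before first write}
        self.suspicious = Counter()      # pid -> high-entropy overwrites seen
        self.stopped = set()

    def write(self, pid, path, data):
        if pid in self.stopped:
            raise PermissionError(f"process {pid} was stopped")
        # Shadow only on the first write per (pid, path); None marks a new file.
        old = self.shadow[pid].setdefault(path, self.files.get(path))
        # Low-entropy original replaced by high-entropy data looks like encryption.
        if old is not None and entropy(old) < ENTROPY_LIMIT <= entropy(data):
            self.suspicious[pid] += 1
        self.files[path] = data
        if self.suspicious[pid] >= REWRITE_LIMIT:
            self.rollback(pid)

    def rollback(self, pid):
        """Stop the process and restore every file it touched from the shadow."""
        self.stopped.add(pid)
        for path, original in self.shadow.pop(pid, {}).items():
            if original is None:
                self.files.pop(path, None)  # file did not exist before
            else:
                self.files[path] = original

def demo():
    # Constructed sample data: five low-entropy documents.
    docs = {f"doc{i}.txt": b"quarterly report line\n" * 200 for i in range(5)}
    store = ShadowStore(docs)
    store.write(100, "doc0.txt", docs["doc0.txt"] + b"edited\n")  # ordinary edit
    for path in ("doc1.txt", "doc2.txt", "doc3.txt"):  # random-looking overwrites
        store.write(200, path, hashlib.shake_256(path.encode()).digest(4400))
    return store, docs
```

In `demo()`, process 200 is stopped on its third high-entropy overwrite and its three files return to their original content, while the ordinary edit made by process 100 is left in place.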
The researchers are still working on this project and say they intend to release it officially in the near future. The full ShieldFS report from Black Hat is available here: https://www.blackhat.com/docs/us-17/wednesday/us-17-Continella-ShieldFS-The-Last-Word-In-Ransomware-Resilient-Filesystems.pdf