Ransomware could be a thing of the past, after the development of software that detects ransomware attacks before damage is inflicted on a user's computer.
Engineers from the Darwin Deason Institute for Cybersecurity at Southern Methodist University (SMU) in Texas have found a way to prevent attacks, even if the ransomware is new and has not been used before. The SMU detection method, known as "sensor-based ransomware detection", doesn’t rely on information from previous ransomware attacks - as does existing technology - to identify new strains on a computer.
"With this software we are capable of detecting what's called zero-day ransomware because it’s never been seen by the computer before," said Mitch Thornton, executive director of the Deason Institute and professor of electrical and computer engineering in SMU's Lyle School of Engineering. "Right now, there's little protection for zero-day ransomware, but this new software spots zero-day ransomware more than 95 percent of the time."
Ransomware - a form of malware that encrypts the files of its intended victim - lives up to its name because the attacker demands a ransom (usually in cryptocurrency such as Bitcoin) before restoring access to the data.
When attackers encrypt files, certain circuits inside a computer have power surges (specific to them) as files are scrambled. Sensors in a computer are able to measure temperature, power consumption, voltage levels, and other characteristics, and can detect these specific types of surges. The SMU software monitors these sensors and, if a suspicious surge is detected, alerts the computer to suspend or terminate the ransomware infection from completing the encryption process. It can also scan a computer for ransomware much faster than existing software.
"The results of testing this technique indicate that rogue encryption processes can be detected within a very small fraction of the time required to completely lock down all of a user’s sensitive data files," said Mike Taylor, lead creator of the software and a Ph.D. student at SMU. "So the technique detects instances of ransomware very quickly and well before extensive damage occurs to the victim’s computer files."
Ransomware attacks increase each year and, in the US alone in 2019, impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. In 2020, 'revenue' from global ransomware attacks is predicted to reach around US$170 billion.
SMU's software could prove to be what the world has been looking for ... and what cybercriminals have been dreading.
*Lyle School of Engineering students Mike Taylor, a cybersecurity Ph.D. student, and Kaitlin N. Smith, a recent electrical engineering Ph.D. graduate, created the software, along with Mitch Thornton.
