
About prevention, there is something more that I am not sure has been mentioned: some tools are taking a new, broader approach to the problem, which is to constantly monitor for encrypted files and stop the associated processes, this way often limiting the loss to a few files. These are the links:

Cryptostalker https://github.com/unixist/cryptostalker

Ransomwhere (macOS) https://objective-see.com/products/ransomwhere.html

Some theoretical information on this approach:

http://www.cise.ufl.edu/~traynor/papers/scaife-icdcs16.pdf



In principle it's super easy to detect: encrypted files look like random data and it's unlikely users would be replacing every file with random data on purpose. It's a never-ending war though. If you got enough users to do this, the hackers would then switch to encryption that mimics what normal files look like to fool the detector.


Most users never start writing to all the files on their disk. Why can't a rate limiter and warning kick in if that happens?
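
A minimal sketch combining the two ideas in the comments above (encrypted output looks like random data; a rate limit on mass rewrites), added here as an illustration and not taken from any commenter or from the linked tools. The thresholds, the class and function names, and the sample events are assumptions constructed for the example.

```python
import math
import os
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off (random data approaches 8.0)
MAX_SUSPECT_WRITES = 3    # assumed limit of high-entropy writes per window
WINDOW_SECONDS = 10.0     # assumed sliding-window length


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


class WriteMonitor:
    """Tracks high-entropy file writes per process in a sliding time window."""
    def __init__(self):
        self.suspect = {}  # pid -> deque of timestamps of high-entropy writes

    def observe(self, pid: int, timestamp: float, content: bytes) -> bool:
        """Record one write; return True when the process should be stopped."""
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            return False  # ordinary-looking content never counts against the pid
        times = self.suspect.setdefault(pid, deque())
        times.append(timestamp)
        while times and timestamp - times[0] > WINDOW_SECONDS:
            times.popleft()  # forget writes that fell out of the window
        return len(times) > MAX_SUSPECT_WRITES


def replay(events):
    """Feed (pid, timestamp, content) events; return flagged pids in order."""
    monitor, flagged = WriteMonitor(), []
    for pid, ts, content in events:
        if monitor.observe(pid, ts, content) and pid not in flagged:
            flagged.append(pid)
    return flagged


# Constructed sample: pid 100 saves plain text; pid 200 rewrites five files
# with random-looking bytes within two seconds.
TEXT = b"Quarterly report draft. " * 200
SAMPLE_EVENTS = [(100, 0.0, TEXT), (100, 1.0, TEXT)]
SAMPLE_EVENTS += [(200, 0.4 * i, os.urandom(4096)) for i in range(5)]

if __name__ == "__main__":
    print("flagged pids:", replay(SAMPLE_EVENTS))
```

Compressed formats such as ZIP or JPEG also score near 8 bits per byte, which is why a single high-entropy write is not flagged and only the per-process rate is.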


Highly recommend Ransomwhere for macOS users. It has actually stopped a ransomware attack on one of my work machines.



