Univ. Lab Develops Ransomware Detection Software

14 May 2020. A computer science lab at Southern Methodist University developed software that the researchers say detects ransomware before damage can occur. The software is designed by graduate students at SMU’s Deason cyber security institute in Dallas, Texas, and according to tests can stop new types of ransomware not encountered before.

Ransomware is malicious software, also known as malware, that computer users inadvertently download or open on their systems. The malware code is often hidden in innocent-looking email attachments and advertisement links, or sent to visitors of some web sites. When inside the user’s computer, the malware locks access to the system or its computer files, or even entire networks, and demands a ransom, usually payable in untraceable virtual currencies. Attackers promise to release the infected files, although the FBI recommends not paying the ransom, since there’s no guarantee the attackers will keep their promise.

The threat from ransomware has increased recently with the Covid-19 pandemic. A study by Microsoft, reported by Wired, indicates a number of ransomware groups gained access to enterprise systems over the past several months, and unleashed their attacks during April 2020, focusing particularly on health care organizations and critical industries. According to Microsoft, the attackers “compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks by deploying ransomware when they would see the most financial gain.”

Ransomware attacks often work in the background on infected systems without users being aware they’re under attack. An SMU team of doctoral students Michael Taylor and Kaitlin Smith (now a postdoctoral researcher at University of Chicago), with electrical and computer engineering professor Mitch Thornton, designed the software to catch ransomware code before it locks down the targeted system.

The team’s software, called sensor-based ransomware detection, tracks the physical state of a system by monitoring sensors built into modern computers, such as power consumption and hardware performance counters in central processing units or CPUs. As a result, the software does not rely on known software signatures of suspected attackers, and can stop so-called zero-day ransomware: completely novel attacks for which no previous defenses are installed. In a paper describing the software, given at a 2017 conference, the researchers say their tests show sensor-based ransomware detection stops 95 percent of zero-day ransomware before it gets started, with a 6 percent false-positive rate.

“The results of testing this technique,” says Taylor in a university statement, “indicate that rogue encryption processes can be detected within a very small fraction of the time required to completely lock down all of a user’s sensitive data files. So the technique detects instances of ransomware very quickly and well before extensive damage occurs to the victim’s computer files.”

The university says it filed for a U.S. patent on the technology.
