PayPal receives patent for ransomware detection technology

Stu Sjouwerman | Apr 23, 2019

The United States Patent and Trademark Office granted a patent this week to online payments company PayPal for a technique for detecting and stopping ransomware attacks.

According to US patent number 10262138, issued on April 16, PayPal believes it can detect the early stages of a ransomware infection and take one of two actions: stop the encryption process, or save a copy of the untainted original file to a remote server before it gets encrypted, as a backup that can be restored later on.

How PayPal Can Detect Ransomware

At the patent's heart is the technique through which PayPal claims it can detect the onset of a ransomware infection.

PayPal says that its system will watch for local files being loaded into a computer's memory cache system, the place where all files are loaded when an application needs to execute an operation.

PayPal's system will look for a specific pattern of actions: a file is duplicated, and high-entropy (encryption) operations are performed on the duplicate.

This is a common technique used by many ransomware strains, which encrypt a copy of the original file, permanently delete the original, and then write the encrypted copy to disk to replace the legitimate file.

PayPal's solution is to detect this pattern and introduce a whitelist of applications that are allowed to perform such actions.

Full Story at ZDNet
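
The pattern described above (a file is duplicated, high-entropy writes land on the duplicate, and approved applications are exempt) can be illustrated in code. This is an added example, not code from the patent or from PayPal; it runs over constructed event records rather than a memory cache, and the 7.5 bits-per-byte threshold, process names and file names are assumptions.

```python
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5           # bits per byte; assumed cut-off, not from the patent
ALLOWLIST = {"backup-agent.exe"}  # hypothetical approved application

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def detect(events):
    """Flag copy-then-high-entropy-write sequences by non-allowlisted processes."""
    duplicates = {}  # duplicate path -> original path
    alerts = []
    for ev in events:
        if ev["op"] == "copy":
            duplicates[ev["dst"]] = ev["src"]
        elif ev["op"] == "write" and ev["path"] in duplicates:
            if ev["proc"] in ALLOWLIST:
                continue  # approved applications may perform this pattern
            if shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
                alerts.append((ev["proc"], duplicates[ev["path"]], ev["path"]))
    return alerts

# Constructed sample data: a uniform byte buffer stands in for ciphertext.
CIPHERLIKE = bytes(range(256)) * 16
PLAINTEXT = b"meeting notes, nothing secret\n" * 100

SAMPLE_EVENTS = [
    {"op": "copy", "proc": "unknown.exe", "src": "report.docx", "dst": "report.docx.tmp"},
    {"op": "write", "proc": "unknown.exe", "path": "report.docx.tmp", "data": CIPHERLIKE},
    {"op": "copy", "proc": "backup-agent.exe", "src": "db.bak", "dst": "db.bak.enc"},
    {"op": "write", "proc": "backup-agent.exe", "path": "db.bak.enc", "data": CIPHERLIKE},
    {"op": "copy", "proc": "editor.exe", "src": "notes.txt", "dst": "notes.txt.bak"},
    {"op": "write", "proc": "editor.exe", "path": "notes.txt.bak", "data": PLAINTEXT},
]

if __name__ == "__main__":
    for proc, original, duplicate in detect(SAMPLE_EVENTS):
        print(f"ALERT {proc}: high-entropy write to {duplicate} (copy of {original})")
```

Only the first sequence is flagged: the second is exempted by the allowlist and the third writes low-entropy text to its duplicate.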


Ransomware Hostage Rescue Manual

Get the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

  1. What is Ransomware?
  2. Am I Infected?
  3. I’m Infected, Now What?
  4. Protecting Yourself in the Future
  5. Resources

Don’t be taken hostage by ransomware. Download your rescue manual now! 

Cut and paste this link into your browser: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0

 
