Security researchers found a new solution for ransomware prevention
Italian researchers revealed good news for computer and Internet users all over the world. There might be a way to stop ransomware attacks in the near future. Seven researchers from Politecnico di Milano University introduced ShieldFS, a tool capable of blocking traditional ransomware attacks.
Security experts noticed a massive increase in ransomware attacks in 2016. Compared to 2015’s statistics, ransomware attacks skyrocketed up to 6,000% in 2016. Thousands of people, companies, and governmental institutions paid enormous ransoms. However, not all of them got a chance to decrypt their files.
Although last year the security company Cybereason introduced a free, revolutionary tool named RansomFree that can protect computers from ransomware attacks, hazardous file-encrypting viruses continue to cause damage to computer users in 2017. Security experts often warn about necessary precautions, yet developers of ransomware keep getting better at developing their viruses.
However, the recently presented ShieldFS might be the light at the end of the tunnel. Unfortunately, this tool is not available to download or purchase yet. Researchers continue working on it and hope to make it publicly available soon.
Good news from Italy – ShieldFS – a program that blocks ransomware attacks on computers
This unique software was presented at the Black Hat event. There, the authors explained that the tool could protect even against the recently emerged WannaCry ransomware. According to them, ShieldFS managed to detect the virus after it had encrypted fewer than 200 files, and all of those files were recovered automatically.
The tool was tested with 1483 ransomware samples, including Locky, TeslaCrypt, Cryptolocker, and other well-known viruses. It managed to detect 96.9% of the attacks (1436 of 1483), and none of the files were lost.
According to the researchers, ShieldFS is “an add-on driver that makes the Windows native filesystem immune to ransomware attacks.” This tool does not work like regular antivirus software. It only scans the system for ransomware by identifying its behavior on the affected device.
This tool is designed to detect the encryption procedure, not a specific virus. Thus, it might block more than just the well-known viruses: it might also detect their latest versions or brand new crypto-creations spread by cyber criminals. Therefore, ShieldFS might be the innovative solution for ransomware prevention.
Currently, this software is not available to people who would like to protect their computers and data from damaging viruses. It is used only for research purposes while the researchers keep working on and improving the tool. Meanwhile, critics of the tool highlight possible security risks: in order to operate, the program requires extensive privileges on the computer.
Operation of ShieldFS
Authors explain the functionality of ShieldFS quite simply: “[it] scans the memory of any process considered as ‘potentially malicious,’ searching for traces of the typical block cipher key schedules.”
Therefore, if ransomware launches the attack, ShieldFS immediately detects unusual activity on the computer and starts analyzing it. The purpose of this scan is to identify if crypto-malware entered the system or not.
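To make the quoted idea of “traces of the typical block cipher key schedules” concrete, the following added example (not ShieldFS code, and not from the researchers) slides over a memory buffer and reports every offset where 16 bytes are followed by their own AES-128 key expansion. It assumes AES-128 and an exact, uncorrupted schedule; all function names and the sample buffer are constructed for illustration.

```python
def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def _sbox_entry(x):
    """AES S-box value: field inverse (x^254), then the affine map."""
    inv = 1
    for _ in range(254):
        inv = _gmul(inv, x)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176  # 11 round keys of 16 bytes

def expand_key(key):
    """Return the 176-byte AES-128 key schedule (FIPS-197 key expansion)."""
    w = bytearray(key)
    for i in range(4, 44):
        t = w[4 * i - 4:4 * i]  # previous word
        if i % 4 == 0:  # RotWord, SubWord, round constant
            t = bytes([SBOX[t[1]] ^ RCON[i // 4 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
        w += bytes(a ^ b for a, b in zip(w[4 * i - 16:4 * i - 12], t))
    return bytes(w)

def find_aes128_schedules(mem):
    """Return (offset, key_hex) wherever 16 bytes are followed by their own expansion."""
    hits = []
    for off in range(len(mem) - SCHEDULE_LEN + 1):
        if expand_key(mem[off:off + 16]) == mem[off:off + SCHEDULE_LEN]:
            hits.append((off, mem[off:off + 16].hex()))
    return hits

# Constructed sample "process memory": filler, the schedule of the FIPS-197 test key, zero padding.
FILLER = b"constructed heap bytes " * 5
DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
DEMO_MEM = FILLER + expand_key(DEMO_KEY) + bytes(64)

if __name__ == "__main__":
    for off, key in find_aes128_schedules(DEMO_MEM):
        print(f"AES-128 key schedule at offset {off}: key {key}")
```

Because each round key is a deterministic function of the previous one, random data essentially never passes this check, which is what makes an expanded key stand out in a process's memory.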
During this process, called “shadowing,” the tool creates logs of the unknown program’s activities. If it detects that these operations belong to ransomware and damage the files, it simply blocks them. However, that is not enough.
Once the malicious attack is disabled, ShieldFS starts recovering the affected files. The program has real-time and self-healing systems that are an alternative to Shadow Volume Copies, which ransomware viruses usually delete in order to prevent data recovery.
However, this tool is not perfect. It can only stop “traditional” ransomware attacks. This term covers file-encrypting viruses that scan the computer and encrypt targeted files. The tool won’t protect against ransomware that locks the system and prevents computer users from accessing it. Thus, it won’t be able to stop the notorious Petya ransomware family.