A researcher has created a tool that can help alert users if they have been exposed to crypto-ransomware.
Sean Williams, a developer from San Francisco, designed the project, which he has named "Cryptostalker," in order to monitor a computer's filesystem for newly written files. If those files contain random data, which is a tell-tale sign of an encryption process, the tool alerts the system's user.
Williams first came up with the idea for Cryptostalker after his father's computer became infected with an early version of CryptoLocker, a common crypto-ransomware sample.
At this time, the project is a proof of concept and is available only for Linux. But with some performance testing, the researcher hopes he will ultimately be able to port the tool to other platforms on which ransomware infections are more common.
"My primary focus with Cryptostalker is to make it cross-platform," Williams told Softpedia in an interview. "Then ensure it’s as performant as possible. If necessary, I’ll write it in a faster language other than Python. At least as important as performance is the false-positive rate - this has to be low or it’s a worthless tool. The detection sensitivity can be tweaked with the tool in its current state, but I think there’s more work here."
The researcher hopes to build upon Cryptostalker and expand its features to include the ability to detect and terminate suspicious endpoint communication. In doing so, he hopes his tool can help check the growing sophistication of crypto-ransomware, which includes the recent discoveries of the first-ever public Linux and OS X ransomware strains.
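The detection idea described above (flag newly written files whose contents look random) and the sensitivity and false-positive trade-off Williams mentions can be illustrated with a short Python sketch. This is an added example, not Cryptostalker's code: Shannon entropy stands in for whatever randomness test the tool uses, and the threshold, minimum size and burst rule are assumptions chosen for illustration.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Assumed tuning knobs (not Cryptostalker's): raising them lowers sensitivity.
ENTROPY_THRESHOLD = 7.5   # bits per byte; 8.0 is the maximum
MIN_SIZE = 4096           # tiny files give unreliable entropy estimates
BURST = 3                 # random-looking new files needed before alerting
WINDOW = 60               # seconds


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_random(data: bytes) -> bool:
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD


def should_alert(events) -> bool:
    """events: (timestamp, content) pairs for newly written files."""
    hits = sorted(ts for ts, data in events if looks_random(data))
    # Alert only when BURST random-looking files land inside one WINDOW.
    return any(hits[i + BURST - 1] - hits[i] <= WINDOW
               for i in range(len(hits) - BURST + 1))


# Constructed sample data (no real files are read).
_rng = random.Random(1)
_words = "invoice payment ledger account balance quarter revenue audit".split()
TEXT = " ".join(_rng.choice(_words) for _ in range(20000)).encode()
COMPRESSED = zlib.compress(TEXT)   # benign, but statistically close to random
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(256))   # 8 KiB stand-in for ciphertext

if __name__ == "__main__":
    for name, blob in [("text", TEXT), ("zlib", COMPRESSED), ("cipher", CIPHERLIKE)]:
        print(f"{name:7s} {shannon_entropy(blob):.2f} bits/byte")
    print(should_alert([(0, TEXT), (5, COMPRESSED)]))          # one benign hit
    print(should_alert([(t, CIPHERLIKE) for t in (0, 4, 9)]))  # burst of hits
```

The compressed sample passes the per-file randomness check even though it is benign, which is why a per-file test alone produces false positives; the burst rule is one assumed way to trade sensitivity for fewer alerts.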
Monitoring for changes to the filesystem is crucial for detecting ransomware. But not all ransomware samples work the same. Indeed, some strains' encryption processes may be subtler. This is why organisations should place emphasis on preventing infections in the first place.
One strategy for preventing ransomware revolves around investing in user awareness training software that teaches employees to follow security best practices, so that they learn to exercise caution around suspicious emails, including those that contain URLs and attachments from unknown sources.