Everyone enjoys gazing at stars in a clear night sky. But what if someone were to ask you for money every time you looked at them? Sounds ludicrous, right? Imagine the same situation, but replace the sky with your hard drive and the stars with your photos, work files and personal documents. That “someone” is malware.
For the past year, this plauge has locked millions of people out of their PCs or mobile devices and made millions of dollars through extortion.
A short recap
Ransomware is a type of malware that infects and locks a system until the user pays to regain access to the data.
The concept behind it dates to the 80s, long before virtual currencies even existed. In 2014, ransomware and malvertising crossed paths and 50 times more people had their devices held hostage by crypto-ransomware. Last year, ransomware also took the highest toll a virus has ever taken, as two people committed suicide after being infected with IcePol or Cryptowall. So it’s no surprise antivirus vendors have been seeking solutions to stop this life-threatening virus.
How it works
When ransomware hit the scene a few years ago, computers predominantly got infected when users opened e-mail attachments containing malware, or were lured to a compromised website by a deceptive e-mail or pop-up window. Newer variants of ransomware have been seen to spread through removable USB drives or Yahoo Messenger, with the payload disguised as an image. Read more about how ransomware works.
Why is ransomware a challenge to AV solutions? Each ransomware variant can be engineered to operate differently. However, common traits include fairly complex obfuscation and covert launch mechanisms meant to avoid early antivirus detection. This means the malware wants to stay hidden, so it uses techniques to thwart detection and analysis—including obscure filenames, modifying file attributes, or operating under the pretense of legitimate programs and services. The malware’s additional layers of defense leave the data unreadable, which makes the process of reverse engineering very difficult.
But Bitdefender anti-malware experts found a way to recognize and block this threat. To infect devices, ransomware tries to access data files to perform encryption through Windows. When doing so, it displays the typical behavior of a malicious application. This is where Bitdefender comes in.
The major benefit
The newest Bitdefender 2016 line incorporates security technology that protects your files from ransomware. By recognizing typical ransomware behavior, Bitdefender automatically stops new or unknown ransomware from reaching your files and protects areas frequently targeted by this malware. It’s like stopping meteorites from reaching Earth’s surface and causing irreparable damage.
How? The Ransomware Behavioral Detection module embedded within the new line acts as a second layer of protection. After the AV engine performs standard detection, the RBD analyzes all applications, to identify abnormal user activity usually associated with ransomware infections. If an application takes several malicious actions typical of ransomware, it is blocked and the user is alerted through a pop-up window. Think of it as an essential activity performed by astronomers to identify a certain phenomenon. For example, to find a black hole at the center of the Milky Way, astronomers look for an empty spot where all of the stars are circling around as if they were orbiting a really dense mass. That’s a strong indicator of gravity.
With RBD, untrusted applications can’t Delete/Modify files in popular user folders like images, documents, music files, videos, games or financial files.
“Things are getting worse, and we’re seeing more of these infections,” says Bogdan Botezatu, Senior E-threat Analyst at Bitdefender. “Once you fall victim to ransomware, there is absolutely no way to get your data back without paying. But, if you pay, you are only encouraging this business and funding their research and development. Sometimes, the criminals will take the payment and not release your data, leaving you without your money or your information.”
You can find out more or start enjoying Bitdefender 2016 here.