
Extortion extinction: Researchers develop a way to stop ransomware - vezycash
http://phys.org/news/2016-07-extortion-extinction-ransomware.html
======
tzs
I'm kind of surprised by this.

I've done some work for and remain acquaintances with people from a small
anti-virus company, and have been suggesting a very similar approach to them
off and on for at least 15 years but there was always too much other stuff
they were busy with for them to pursue it.

I've not followed the anti-virus industry closely (most of my work for that
small anti-virus company has been back end stuff, like payment processing, tax
reporting, and analytics), but have always assumed that numerous others both
before and after me had suggested and explored such behavioral approaches, and
that they would be common by now.

I will definitely not be above an "I told you so" if this turns out to be an
effective approach.

------
fbomb
Have a good backup system which keeps every version of a file for at least a
few months - or is that too obvious?

~~~
TeMPOraL
Not just not obvious, also expensive and quite a PITA to set up.

Also, you have to make sure the backup is done through a network - some
ransomware will happily encrypt any removable media you happen to plug in to
your computer.

~~~
acdha
> Not just not obvious, also expensive and quite a PITA to set up.

Unless you have petabytes of storage, a very slow internet connection, or need
to operate at an enterprise scale, this really hasn't been true for years:

1. Go to CrashPlan.com
2. Download and run the installer
3. Pay your choice of nothing to $12.50/month depending on how many computers
   you have and whether you choose to back up to their cloud, a friend's
   computer, an external drive, or any combination of the three.

1. Go to Backblaze.com
2. Download and run the installer
3. Pay $5/month

1. Pick one of the many AWS Glacier backup tools
2. Set a minimum retention policy in Glacier
3. Pay for your total storage usage

The key part is the use of a service for which you do not have admin rights
and which has some sort of minimum retention period. Even Dropbox has that
now.
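
As an added illustration of the "minimum retention" point in the comment above (not part of the original post): a Glacier Vault Lock policy that denies deletion of any archive younger than 90 days, so that credentials stolen from the backed-up machine cannot remove recent backups. The account ID, region, vault name and the 90-day window are placeholder assumptions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "deny-delete-of-archives-younger-than-90-days",
      "Principal": "*",
      "Effect": "Deny",
      "Action": "glacier:DeleteArchive",
      "Resource": "arn:aws:glacier:us-east-1:111122223333:vaults/example-backup-vault",
      "Condition": {
        "NumericLessThan": {
          "glacier:ArchiveAgeInDays": "90"
        }
      }
    }
  ]
}
```

Vault Lock is applied in two steps (initiate, then complete); once completed the policy cannot be changed or removed, even by the account owner, which is what gives the same effect as not having admin rights over the backup.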

~~~
TeMPOraL
Thanks for the outline. I guess it's time for me to get off my butt and
actually set up some automated backups beyond Dropbox and Github (which,
combined, store about 90% of files that are actually important for me) :).

~~~
acdha
You might be fine simply with Dropbox since they added an extended history
plan which seems perfect for this:

https://www.dropbox.com/en/help/113

The main thing I'd worry about is locking down your default browsing profile &
otherwise making it less likely to be compromised in the first place. I would
imagine for most people on HN, the greatest inconvenience would be dealing
with the mess if malware got access to your employer/customer's servers, data,
etc. That's harder (e.g. rigidly separate accounts or computers, reducing the
amount of access you operate with normally, etc.) but avoiding that mess is
worth it.

------
Mandatum
Bypass 1: Slowly encrypt files, scheduled task to be performed starting at
2AM.

Bypass 2: Spawn child processes per file to encrypt.

------
empath75
If this were widely deployed, ransomware authors would just study it and work
around it.

