Hacker News
Ransomware: Anti-virus unable to detect it (ieee.org)
29 points by MalwareGuy on Jan 19, 2021 | 6 comments


Interesting. You still need to download the ransomware file encryption program, which is something users aren't likely to have, and would quickly be detected everywhere once a few people report it. Normal compression programs have limits and wouldn't continue working after the user reboots etc.


Yes, but if the user is able to add exceptions to the anti-virus program, the malware would simply automate that.

Things like this are why popular operating systems are increasingly diverting control from the user to their vendor. And frankly I think it's impossible for those vendors to win the arms race TFA refers to.


Windows includes a full disk encryption system and a file encryption system. All you need to do is steal the key and remove it from the user.


The ransomware part requires you to have some way of informing the user of the situation, and give them a way to pay the ransom and communicate.

I'd argue the easier part is the encryption, the harder part is the ransom delivery and file decryption automation.


Showing a pop-up isn’t a malware-specific action, and ransom delivery and decryption don’t need to be automated. Why wouldn’t an attacker be able to send the user the key and some instructions? And a lot of ransomware already just shows a Bitcoin address and a message telling the user to send money himself.


Can we add [PDF] in the title?



