The United States Patent and Trademark Office has just published a patent belonging to PayPal Inc. that covers techniques for ransomware detection and mitigation. According to the patent, PayPal has developed a technology that detects ransomware attacks at a very early stage and stops the encryption as soon as the attack is detected. Ransomware infections deploy specially crafted encryption tools that scan the infected system, encrypt the target files, store them locally and then delete the unencrypted originals. Some types of ransomware tools also save a copy of the original files to a remote malicious server. Despite these slight differences, all ransomware works in broadly the same way.
PayPal is confident that they can detect the first signs of the infection by monitoring the local filesystem and flagging memory caching activities as possibly malicious. When the encryption process starts, the “copy-files” must be loaded into the cache, so that would be the first sign of trouble. The second would be the duplication of a file and encryption operations on the copy. By using this identification pattern, PayPal could detect malicious actions and stop the encryption process immediately. Of course, people purposefully encrypt files on their system for security reasons, so a whitelisting option will be there as well. Finally, as an additional precautionary measure, the PayPal ransomware prevention system will send the original file that was about to get encrypted to their cloud service for backup.
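The identification pattern described above can be sketched as a small per-file state machine. This is an added example, not code from the patent or from PayPal; the event names, process names, paths and the `run` helper are assumptions made for illustration.

```python
STAGES = ("cache_load", "duplicate", "encrypt_copy")  # assumed event names, in the article's order

class RansomwarePatternDetector:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)  # processes the user allows to encrypt files
        self.progress = {}               # (process, path) -> number of stages matched
        self.blocked = set()             # processes stopped by the detector
        self.backups = []                # originals queued for cloud backup

    def observe(self, process, event, path):
        """Feed one event; return True if it is allowed, False if blocked."""
        if process in self.whitelist:
            return True
        if process in self.blocked:
            return False
        key = (process, path)
        matched = self.progress.get(key, 0)
        if event == STAGES[matched]:
            matched += 1
        elif event == STAGES[0]:
            matched = 1  # the pattern restarted on this file
        # Events outside the pattern (plain reads, writes) leave progress unchanged.
        if matched == len(STAGES):
            # Full pattern seen: stop the process and preserve the original.
            self.blocked.add(process)
            self.backups.append(path)
            self.progress.pop(key, None)
            return False
        self.progress[key] = matched
        return True

def run(events, whitelist=()):
    detector = RansomwarePatternDetector(whitelist)
    decisions = [detector.observe(*event) for event in events]
    return detector, decisions

# Constructed event stream: (process, event, path)
SAMPLE_EVENTS = [
    ("editor", "cache_load", "/home/user/report.docx"),
    ("editor", "write", "/home/user/report.docx"),
    ("vault", "cache_load", "/home/user/taxes.xlsx"),
    ("vault", "duplicate", "/home/user/taxes.xlsx"),
    ("vault", "encrypt_copy", "/home/user/taxes.xlsx"),
    ("unknown", "cache_load", "/home/user/photo.jpg"),
    ("unknown", "duplicate", "/home/user/photo.jpg"),
    ("unknown", "encrypt_copy", "/home/user/photo.jpg"),
    ("unknown", "delete_original", "/home/user/photo.jpg"),
]
```

Calling `run(SAMPLE_EVENTS, whitelist={"vault"})` blocks only the `unknown` process and queues `photo.jpg` for backup; without the whitelist, the user's own encryption tool is stopped as well.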
PayPal is not the only company that has tried to enter the space of ransomware detection and prevention, but all previous attempts by others have failed to gain traction and win spectacular user adoption: some due to inefficiency, others due to a lack of customization, and others because they were cumbersome to set up. If PayPal manages to “cash out” this patent, it will be thanks to their former employee and researcher Shlomi Boutnaru, a cybersecurity engineer who left the company ten months ago.
Now, if you’re wondering about what you can do until advanced protection technologies like PayPal’s get bundled in an easy-to-use tool, here are the main methods of protection against ransomware: