House And Shop Gates Against Ransomware

This is a post series on cyber crime. For more posts click here or the cybercrime tag below.

When you lived or ran a shop in NYC back in the days before the Guiliani  administration you had to take special measures to protect your home or business.  You put multiple lock on the doors and you put steel grates or panels over the windows and doors of you business.  All because nobody was enforcing the laws back then.

Well the internet is sort of going the same way with malware and ransomware, so the same sort of enhanced security is going to be needed.  Especially with ransomware there is an need for software that goes beyond the typical antivirus or malware app that you have now.

I have some ideas.  This is software that could enhance the safety of your file and prevent the ransomware from trashing everything.

  1. A software that makes a designated drive hidden or locked so that it’s only visible to authorized software.  This could be used a floating backup or directly by applications.  the key thing is that I cannot be directly accesses by an unauthorized app.  The software could be sold with a removable drive as a backup protection.
  2. An OS tool that monitors the number of read/writes that an app does and if it reads and rewrites too many file aborts the process and asks the user to validate the process. With an internet check of the process’s bona fides.
  3. An app that makes it easy to set the  file extensions and allows the user to either set custom files extensions for common software and change the defaults of say MS Word or Excel or apply random extensions.  Ransomware uses the file extensions to determine which files to encrypt to avoid trashing the machine the malware is running on. It won’t encrypt files that it can’t see.
  4. An app that allows the user to limit the accessibility of drives and folders.  Unix used to have this built in and  it was a useful tool for protecting files.

That’s it for now.  these are just some ideas off the top of my head, but I’ve done a little thinking about how to do most of them.  I don’t have the resources to pursue actually coding what I want but if it doesn’t look like somebody else is working stuff like this I may change my mind.

That’s it for this week.  Here’s the week in ransomware.

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-20th-2017-satan-raas-spora-locky-and-more/

 

 

Advertisements

2 comments

  1. penneyvanderbilt · January 22

    Reblogged this on Ancien Hippie.

    Like

  2. StargazerA5 · January 22

    1. Sounds somewhat similar to software sandboxing but in reverse. Not sure how practical your version would be as the installer of the ransomware could write access to the sandboxed resources and all it would take would be clicking through something similar to a windows UAC or equivalent, which people quickly become trained to do.

    2. Sounds interesting as an alert at first glance, but I can see issues with patch updates triggering the alert or potentially unzipping large archives also doing so.

    3. I believe file extensions are a Windows (DOS?) artifact. If I remember correctly, UNIX relatives like Linux and iOS ignore them but can still identify the correct file type on open. That means that the ransomeware could work around this by indexing the files with their associated file type to identify what they’re looking for.

    4. Are you talking about program level permissions supplementing user level permissions? yeah, windows doesn’t have that. While the below workaround won’t protect you against malware getting administrative access, it should help against anything operating in your own account. It is cumbersome though.
    1. Setup a new user account for data storage and corresponding data folder.
    2. As an administrator, take away access to that folder from your main account.
    3. When you want to open/edit a file in the protected space, right click on the program you want to use (e.g. word, excel, etc.) and select “run as a different user”. Run as the user that has access. I believe you can also create shortcuts to automate this.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s