How Ransomware Blocks Attempts To Detect It

Ransomware — software which hijacks your computer and demands financial payment to return access to your data — is an increasingly lucrative criminal activity. A new white paper from Sophos highlights how ransomware operates, and offers some clues on how to stop it.

Ransomware ranges from basic blockers to sophisticated software that can encrypt the entire contents of a victim’s hard drive. Its distribution methods are similar to those of existing malware: it is often sent as a ZIP file in email (which should attract the attention of any existing security software) or installed by exploiting known vulnerabilities in other programs.

The entire paper is interesting and worth a read for its examination of the techniques used to evade detection. These include encrypting the fake warning images displayed to persuade users to cough up money, and disguising API calls so they look like other software. These techniques aren’t foolproof, but they are more than enough to invade the machines of users with few security options switched on.

Ransomware: Next-Generation Anti-Virus [Sophos]
