Ransomware has become the scourge of security analysts: it moves quickly and doesn’t need to encrypt all your files to be effective.
The only realistic method to detect ransomware is by observing what it does, or it’s heuristic behavior, which entails going over files, choosing the ones that look interesting, encrypting them and destroying the originals. The problem is legitimate programs like compression software and encryption applications display similar behavior.
So what can be done? Cybereason has identified the minute behavioral patterns that distinguish ransomware from genuine applications.
Stop by Black Hat booth 539 on Wed, Aug 3, 3pm and on Thu, Aug 4, 11am to hear security researcher Uri Sternfeld discuss how behavioral heuristics can detect new types of ransomware and avoid generating false positives.