To Outsmart Bart (Ransomware), You Need to Be as Unpredictable as He Is
The new kid on the ransomware scene is Bart. Like its presumed namesake, Bart Simpson, Bart ransomware doesn’t do what’s expected. Most ransomware families use cryptography (such as AES) to encrypt a victim’s files. Instead, Bart adds each file to a password-protected ZIP archive.
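Because Bart's output is an ordinary ZIP archive, a defender can recognise it from the archive's own headers rather than from a signature of the malware: the ZIP specification records a per-entry "encrypted" flag (general purpose bit 0) in both the local file header and the central directory, and a password-protecting archiver sets it on every entry. The script below is an added example, not part of the original post and not SECDO's or Bart's code. It parses the central directory directly (the offsets and flag values are those of the public ZIP APPNOTE), reports how many entries are password-protected, and cross-checks its reading against Python's `zipfile`. The sample archive is constructed in memory, and `simulate_password_protected()` only flips the header bits to mimic what such an archiver writes; it does not encrypt anything.

```python
"""Added example: inspect a ZIP's central directory for password-protected
entries.  Not code from the post, SECDO, or the Bart malware."""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
EOCD_FMT = "<IHHHHIIH"          # 22-byte end-of-central-directory record
CD_SIG = b"PK\x01\x02"
CD_FMT = "<IHHHHHHIIIHHHHHII"   # 46-byte central directory file header
LFH_SIG = b"PK\x03\x04"
FLAG_ENCRYPTED = 0x0001         # general purpose bit 0: entry is encrypted
FLAG_STRONG_ENC = 0x0040        # bit 6: PKWARE "strong encryption"
METHOD_WINZIP_AES = 99          # compression method 99: WinZip AES


def _find_eocd(data: bytes) -> int:
    """Locate the EOCD record; it sits within the last 22 + 65535 bytes."""
    idx = data.rfind(EOCD_SIG, max(0, len(data) - 65557))
    if idx < 0:
        raise ValueError("no end-of-central-directory record: not a ZIP")
    return idx


def zip_entries(data: bytes) -> list:
    """Walk the central directory and describe each entry's encryption state."""
    hdr = struct.unpack_from(EOCD_FMT, data, _find_eocd(data))
    n_total, cd_offset = hdr[4], hdr[6]
    entries, pos = [], cd_offset
    for _ in range(n_total):
        if data[pos:pos + 4] != CD_SIG:
            raise ValueError("corrupt central directory at offset %d" % pos)
        f = struct.unpack_from(CD_FMT, data, pos)
        flags, method = f[3], f[4]
        name_len, extra_len, comment_len = f[10], f[11], f[12]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        entries.append({
            "name": name,
            "encrypted": bool(flags & FLAG_ENCRYPTED),
            "strong": bool(flags & FLAG_STRONG_ENC),
            "aes": method == METHOD_WINZIP_AES,
            "cd_offset": pos,        # where this header lives (flags at +8)
            "lfh_offset": f[16],     # local file header (flags at +6)
        })
        pos += 46 + name_len + extra_len + comment_len
    return entries


def summarize(data: bytes) -> tuple:
    """Return (total entries, password-protected entries)."""
    entries = zip_entries(data)
    return len(entries), sum(1 for e in entries if e["encrypted"])


def fully_encrypted(data: bytes) -> bool:
    """True when every entry is password-protected: one signal, not proof,
    that an archive came from an archiving ransomware rather than a user."""
    total, enc = summarize(data)
    return total > 0 and enc == total


def stdlib_agrees(data: bytes) -> bool:
    """Cross-check: zipfile reads the same flag bits from the same directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        std = [bool(zi.flag_bits & FLAG_ENCRYPTED) for zi in zf.infolist()]
    return std == [e["encrypted"] for e in zip_entries(data)]


def build_sample_archive() -> bytes:
    """Constructed sample: an ordinary, unencrypted two-file archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.docx", b"constructed document body")
        zf.writestr("photo.jpg", b"constructed image bytes")
    return buf.getvalue()


def simulate_password_protected(data: bytes) -> bytes:
    """Set the encrypted flag on every entry, in both the central directory
    and the local header.  Simulation only: no data is actually encrypted."""
    buf = bytearray(data)
    for e in zip_entries(data):
        if buf[e["lfh_offset"]:e["lfh_offset"] + 4] != LFH_SIG:
            raise ValueError("local header missing for %s" % e["name"])
        for off in (e["cd_offset"] + 8, e["lfh_offset"] + 6):
            flags = struct.unpack_from("<H", buf, off)[0]
            struct.pack_into("<H", buf, off, flags | FLAG_ENCRYPTED)
    return bytes(buf)


if __name__ == "__main__":
    plain = build_sample_archive()
    print("plain archive  (total, encrypted):", summarize(plain))
    print("bart-style archive (total, encrypted):",
          summarize(simulate_password_protected(plain)))
```

On an endpoint this check would run over newly written `.zip` files and be combined with the write rate and the directories involved, since legitimate password-protected archives do exist; `fully_encrypted()` alone is a signal to raise a score, not a verdict.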
How to Detect Malware – Deception and Manipulation
When it comes to detecting malware, security solutions tend to be one step behind. Next-generation technologies have gone beyond signatures to search for more flexible indicators such as suspicious behaviors. But a suspicious activity isn’t necessarily ransomware. So depending on how permissive a policy you set, this approach alone will result either in false positives or in the occasional miss. Missing ransomware is a very costly mistake.
This is where SECDO’s behavior manipulation comes into play. SECDO randomly generates thousands of virtual traps in memory at the kernel level, making it impossible for ransomware to differentiate between real objects and virtual objects. When ransomware attempts to modify or access these objects, SECDO’s IceBlock immediately freezes all entities (threads, processes, services) related to the ransomware before they get a chance to do any damage. With this approach, ransomware authors simply cannot predict how to avoid detection.
Trust Me, I Never Lie
We love Bart Simpson, but we’d rather avoid his namesake. Contact us to see for yourself how SECDO detects and blocks ransomware.