Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
RansomWhere Is a Mac App to Detect Crypto-Ransomware on OS X
#1
[Image: ransomwhere-is-a-mac-app-to-detect-crypt...3214-3.jpg]

Despite not being a big problem for Mac users yet, Patrick Wardle, lead researcher at Synack, has created a nifty little app that can identify ransomware-like behavior by detecting the quick creation of encrypted files, stop the suspicious process, and then alert the user.
Called RansomWhere, this tool is very similar to what Sean Williams created almost a month ago with his CryptoStalker project, a generic ransomware detection system for Linux.
RansomWhere can stop apps that generate a lot of encrypted content
Just like CryptoWalker, RansomWhere works by watching the user's local filesystem for the creation of a large number of encrypted files. Mr. Wardle's app goes a step further by temporarily suspending the process that generates the massive amount of encrypted content, and prompting the user to verify and approve its actions.
RansomWhere may cause some false positives, but it's always better to be safe than sorry.
By default, RansomWhere scans unsigned Mac apps and binaries signed with an Apple developer ID. The only binaries RansomWhere ignores are those signed by official Apple certificates.
The downside is that if ransomware injects and hijacks the process of an Apple-signed binary, the tool won't be able to pick it up. Another downside is that RansomWhere takes a bit to detect ransomware infections, by which time some files might be already encrypted.
Ransomware for Macs not yet a (big) problem
At the start of March, KeRanger, the first fully functional Mac-targeting ransomware appeared on the scene after it infected users via tainted versions of the Transmission BitTorrent client for Mac.
Before this, a Brazilian coder also created a proof-of-concept ransomware variant called Mabouia, which was never released and eventually handed over to Apple's security staff.
Ransomware is not yet a danger to the Mac ecosystem, and more Linux users suffered from ransomware compared to Mac users. This statistics leans towards Linux users because of many ransomware variants that target Linux servers, such as Linux.Encoder, CTB-Locker, and KimcilWare.
For users who like their privacy, just be aware that RansomWhere will ask for your Mac password in order to continually monitor your workstation's processes.
[Image: ransomwhere-is-a-mac-app-to-detect-crypt...3214-2.png]




source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Avira Crypto Terms of Service mrtrout 0 610 07-14-2021 , 08:20 AM
Last Post: mrtrout
  Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detect mrtrout 0 959 09-02-2020 , 07:38 AM
Last Post: mrtrout
  US Moves to Forfeit 280 Crypto Accounts mrtrout 0 1,312 08-29-2020 , 02:41 AM
Last Post: mrtrout
  Windows Defender Can Detect Accessibility Tool Backdoors tarekma7 0 1,434 11-27-2018 , 11:16 PM
Last Post: tarekma7
  Wi-fi Crypto baziroll 0 1,442 07-29-2017 , 12:15 AM
Last Post: baziroll

Forum Jump:


Users browsing this thread: 1 Guest(s)