Nyotron announced it has discovered a new Microsoft Windows file system technique that enables cyberattackers to maliciously encrypt files in a way that existing anti-ransomware products cannot detect. The company has alerted security vendors of the threat it has named "RIPlace," and released a free tool that allows users to check their systems for exposure to the technique.
Ransomware has been around since 1989, yet remains one of the most common and successful attack types, causing billions of dollars in damages worldwide every year.
The Verizon 2019 Data Breach Investigations Report (DBIR) states that ransomware accounts for nearly 24 percent of all incidents where malware was used last year, making it the second most common type of malware reported.
The combination of timely patching and using modern antivirus solutions helps stop some ransomware. However, RIPlace can bypass these defenses by using a legacy file system "rename" operation. It takes only two lines of code for hackers to unleash this technique.
Nyotron's free tool enables users and organizations to check their systems for the RIPlace vulnerability. If the system is deemed to be at-risk, the tool provides solution recommendations.
No comments:
Post a Comment