DALLAS — You may have heard the word ransomware but don’t really know what it means. Don’t feel too bad.
One survey found that even after people experienced a ransomware attack, about a third of them still didn't understand what it was.
First: What exactly is ransomware?
So, a quick primer: Cyber criminals set up malicious websites or nefarious phone apps, or they send out tainted emails and social media messages.
Often, those things don't look malicious, or nefarious, or tainted. So, you download or click on them. That lets the hackers into your computer or phone, and they lock up your files and hold them hostage until you pay them.
That’s the kind of attack that led to the shutdown the Colonial Pipeline this week, disrupting gasoline supplies to a huge chunk of the country.
Once you know about the threat of ransomware, what to do about it?
Though many of us have heard of ransomware, this may be the first time many Americans can actually see that it has impacted their lives.
"I assure you this got everybody's attention. I think this has taken this out of the theoretical in this country and made us realize that, yes, this can really happen. It’s not just a movie script anymore,” said Damon Small, technical director and security consultant at global cybersecurity firm NCC Group.
From his Houston base, Small told WFAA this may be the event that makes companies and big institutions realize that spending money to safeguard their networks might save them money in the long run, “preventing an incident is always going to be cheaper than recovering from one.”
But are ransomware attacks really preventable with currently available technology?
Small said, “I would never say as a company you can make your environment hacker proof. There is no such thing. What you can do is make your organization as a target so undesirable that it is easier to move on to the next target.”
Team from SMU in Dallas believes it can stop most ransomware attacks
One thing that makes ransomware so effective is that the attacks are always evolving, and many detection tools may not recognize a new attack unless it looks like a previous one.
Engineers from the Darwin Deason Institute for Cybersecurity at Southern Methodist University in Dallas say they’ve developed a software program that can detect a ransomware intrusion before the cyber criminals are able to wreak catastrophic damage.
That said, Mitch Thornton, executive director of the Deason Institute and professor of electrical and computer engineering in SMU’s Lyle School of Engineering, added this disclaimer about the attack on the Colonial Pipeline: "Without performing more analysis of the actual Darkside 2.0 source code to obtain details of its internal construction, it is not possible to definitively claim that the SMU approach could have prevented the attack".
But the team from SMU believes it has created something revolutionary that can detect novel ransomware more than 95% of the time.
In a 2020 announcement about the creation, SMU explained how it is different than other detection tools:
"The new software also can scan a computer for ransomware much faster than existing software," said Mike Taylor, lead creator of the software and a Ph.D. student at SMU.
“The results of testing this technique indicate that rogue encryption processes can be detected within a very small fraction of the time required to completely lock down all of a user’s sensitive data files,” Taylor noted. “So the technique detects instances of ransomware very quickly and well before extensive damage occurs to the victim’s computer files.”
SMU’s software functions by searching for small, yet distinguishable changes in certain sensors that are found inside computers to detect when unauthorized encryptions are taking place. When attackers encrypt files, certain circuits inside the computer have specific types of power surges as files are scrambled. Computer sensors that measure temperature, power consumption, voltage levels, and other characteristics can detect these specific types of surges, SMU researchers found.
The SMU software monitors the sensors to look for the characteristic surges. And when a suspicious surge is detected, the software immediately alerts the computer to suspend or terminate the ransomware infection from completing the encryption process. Use of the computer's own devices to spot ransomware 'is completely different than anything else that’s out there,' Taylor said.
But this SMU software that purports to stop ransomware attacks is not yet available. The team has applied for a patent on the technology.