Pure-detection techniques such as antivirus solutions are no longer sufficient. Instead, we need modern solutions with practical self-healing capabilities against serious threats. With that vision, a team of Italian security researchers has created ShieldFS.
Unveiled at Black Hat last week, ShieldFS is an add-on for the native Windows file system that makes it immune to different ransomware attacks. According to the researchers Andrea Continella and Federico Maggi, ShieldFS was tested against more than 12 ransomware instances, including WannaCry, and it detected them with a 97% success rate.
According to Kaspersky, ShieldFS learns and models the activity of a filesystem over a period of time. After learning enough, it can compare filesystem activity against the malicious behavior shown by ransomware.
Moreover, ShieldFS performs copy-on-write on the first write to store the original files. If an attack is detected, the malware is blocked and the original files are recovered if necessary. This is done with the help of a process called “shadowing.” Whenever a suspicious program is detected, ShieldFS enters an observation phase and logs every activity. If it is concluded that a program is malicious, the code is blocked and the backup is restored.
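The shadowing flow described above (copy on first write, then restore or discard once a verdict is reached) can be modeled in a few lines of Python. This is an added example, not ShieldFS code: `ShadowedDir`, `write`, `verdict` and `demo` are hypothetical names, the copies are tracked per process ID in an ordinary directory, and the malicious/benign verdict is supplied by the caller instead of a behavioral model.

```python
import shutil
import tempfile
from pathlib import Path


class ShadowedDir:  # toy user-space model of shadowing, not ShieldFS code
    def __init__(self, root: Path, shadow: Path):
        self.root, self.shadow = root, shadow
        self.touched = {}  # pid -> {name: shadow copy path, or None if file was new}

    def write(self, pid: int, name: str, data: bytes) -> None:
        files = self.touched.setdefault(pid, {})
        target = self.root / name
        if name not in files:  # first write by this process: save the original
            files[name] = self.shadow / f"{pid}_{name}" if target.exists() else None
            if files[name] is not None:
                shutil.copy2(target, files[name])
        target.write_bytes(data)

    def verdict(self, pid: int, malicious: bool) -> list:
        """Roll back the process's writes if malicious; always drop its copies."""
        files = self.touched.pop(pid, {})
        for name, copy in files.items():
            if malicious and copy is None:
                (self.root / name).unlink(missing_ok=True)  # file it created
            elif malicious:
                shutil.copy2(copy, self.root / name)  # file it overwrote
            if copy is not None:
                copy.unlink()
        return sorted(files) if malicious else []


def demo() -> dict:
    """Constructed scenario: pid 100 is judged malicious, pid 200 benign."""
    with tempfile.TemporaryDirectory() as r, tempfile.TemporaryDirectory() as s:
        fs = ShadowedDir(Path(r), Path(s))
        (fs.root / "report.txt").write_bytes(b"quarterly numbers")
        (fs.root / "notes.txt").write_bytes(b"draft")
        fs.write(100, "report.txt", b"\x8f\x02 scrambled")
        fs.write(100, "report.txt", b"\x11\x99 scrambled twice")  # no second copy
        fs.write(100, "dropped.txt", b"new file")
        fs.write(200, "notes.txt", b"final")
        restored = fs.verdict(100, malicious=True)
        fs.verdict(200, malicious=False)
        return {"restored": restored,
                "report": (fs.root / "report.txt").read_bytes(),
                "notes": (fs.root / "notes.txt").read_bytes(),
                "dropped_exists": (fs.root / "dropped.txt").exists(),
                "shadow_left": len(list(fs.shadow.iterdir()))}
```

Because the copy is taken only on the first write, the second overwrite of `report.txt` cannot replace the saved original, which is what makes the rollback trustworthy.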
Submitted by: Arnfried Walbrecht