Researchers from the University of Florida and Villanova University suggest that ransomware can be mitigated by detecting, early in the process, that it is encrypting files:
CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data
A good idea, but some anti-malware programs already do something like this (i.e. flag programs that start encrypting files in bulk). But still a good idea. At The Register, Richard Chirgwin offers a round of applause:
Florida U boffins think they’ve defeated all ransomware – Crypto Drop looks for tell-tale signs that files are being encrypted
It probably hasn’t escaped your notice that ransomware gangs are fond of Bitcoin, and you may also be aware that some victims who decide to pay up are finding the Bitcoin technology somewhat daunting, to the extent that PadCrypt may be intended to offer advice on paying with Bitcoin by way of a live chat facility (offline at the time of writing). At any rate, Bleeping Computer’s Lawrence Abrams comments:
“A feature like this could potentially increase the amount of payments as the victim can receive ‘support’ and be guided on the confusing process of making a payment.”
I’m not familiar enough with Bitcoin at the moment to help much as far as that’s concerned, but I have noticed a number of articles recently that relate to it:
William Hugh Murray comments in a recent SANS newsletter:
Cyber currency is too slow ever to play a major role as a medium of exchange. It is too volatile to serve as a store of value. However, anonymity will serve to encourage extortion.
That section of the Newsbites newsletter has a number of interesting links to commentary on the Locky ransomware, by the way.
Wosar points out that in theory at least, this malware could easily be repackaged for OS X and Linux:
That should mean that Ransom32 can also easily be packaged for Linux and Mac OS X – at least in theory.
Added to the ransomware resources page and will also be added to Mac Virus.