Edit: It seems that this system creates a whole load of bogus files and dirs and monitors them, not the whole file system. This pollutes the file system and means that people can quite easily write around it.

Every ransomware program goes over files, chooses the ones that look interesting, encrypts them and destroys the originals. You know what else does this? Compression software, legitimate encryption applications and backup and cloud-sync solutions in addition to many more programs. The same behavior is exhibited even if you manually compress a directory with a password and then delete it. Since ransomware encrypts any file anywhere on a computer, it’s extremely difficult to distinguish a legitimate file activity from a malicious one. While every encrypted file increases the likelihood that the ransomware will be detected, each encrypted file equals another important piece of information lost. Every second counts when ransomware starts encrypting files.

Cybereason RansomFree: Behavior – Based Ransomware Blocking Freeware

Cybereason researched more than 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified the behavioral patterns that distinguish ransomware from legitimate applications. Whether a criminal group or nation created the program, all ransomware functions the same way and encrypts as many files as possible. These programs can’t determine what files are important so they encrypt everything based on file extensions.

RansomFree, Cybereason’s behavioral anti-ransomware free tool, takes all these challenges into consideration. By putting multiple deception methods in place, RansomFree detects ransomware as soon as encryption occurs either on a computer or network drive. Once encryption is detected, RansomFree suspends it, displays a popup that warns users their files are at risk and enables them to stop the attack.

RansomFree protects against local encryption as well as the encryption of files on network or shared drives. The encryption of shared files is among the doomsday scenarios an organization can imagine. It takes only one employee on the network to execute ransomware and affect the entire company.

Source: Cybereason Introduces: Free Behavioral-Based Ransomware Blocking

Interesting. Unfortunately Windows only.

New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software.

By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy café for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner’s fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. Results are accurate on video recorded on a mobile phone from up to two and a half metres away – and so attacks are more covert than shoulder-surfing. It also works reliably with footage recorded on a digital SLR camera at distances up to nine metres away.

Researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to crack more than 95 per cent of patterns within five attempts.

Complex patterns, which use more lines between dots, are used by many to make it harder for observers to replicate. However, researchers found that these complex shapes were easier to crack because they help the fingertip algorithm to narrow down the possible options.

During tests, researchers were able to crack all but one of the patterns categorised as complex within the first attempt. They were able to successfully crack 87.5 per cent of median complex patterns and 60 per cent of simple patterns with the first attempt.

Source: Your Android device’s Pattern Lock can be cracked within five attempts

The group – Yinzhi Cao and Song Li of from Lehigh University in Pennsylvania, and Erik Wijmans from Washington University in St. Louis – have worked out how to access various operating system and hardware-level features that can fingerprint an individual machine, regardless of browser.

These include screen resolution with zoom; CPU virtual cores; installed fonts and writing scripts; the AudioContext call; GPU features such as line and curve rendering, anti-aliasing, shading, and transparency; and more.

The researchers reckon they can fingerprint a machine with 99.24 per cent accuracy (compared to under 91 per cent for browser fingerprinting).

Cao and friends say there’s one browser that defeats the worst of their attacks: the Tor browser.

Source: It’s not just your browser: Your machine can be fingerprinted easily

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users’ messages.

The security backdoor was discovered by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. He told the Guardian: “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys.”

The backdoor is not inherent to the Signal protocol. Open Whisper Systems’ messaging app, Signal, the app used and recommended by whistleblower Edward Snowden, does not suffer from the same vulnerability. If a recipient changes the security key while offline, for instance, a sent message will fail to be delivered and the sender will be notified of the change in security keys without automatically resending the message.

WhatsApp’s implementation automatically resends an undelivered message with a new key without warning the user in advance or giving them the ability to prevent it.

Source: WhatsApp backdoor allows snooping on encrypted messages | Technology | The Guardian