{"id":14264,"date":"2016-04-25T13:43:42","date_gmt":"2016-04-25T17:43:42","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=14264"},"modified":"2016-04-25T13:43:42","modified_gmt":"2016-04-25T17:43:42","slug":"towards-generic-ransomware-detection","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/04\/25\/towards-generic-ransomware-detection\/","title":{"rendered":"Towards Generic Ransomware Detection"},"content":{"rendered":"<p><a href=\"https:\/\/objective-see.com\/blog\/blog_0x0F.html\">Patrick Wardle<\/a>:<\/p>\n<blockquote cite=\"https:\/\/objective-see.com\/blog\/blog_0x0F.html\"><p>I don&rsquo;t claim to be an expert on ransomware, but after studying various specimens, a general (and obvious?) commonality seems to be that ransomware rapidly encrypts user files. (And after googling around, it appears that others allude to having perhaps similar ideas - at least for Windows). So to me, this rapid encryption of user files, seemed like a promising heuristic that could lead to the generic detection and prevention of ransomware.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Patrick Wardle: I don&rsquo;t claim to be an expert on ransomware, but after studying various specimens, a general (and obvious?) commonality seems to be that ransomware rapidly encrypts user files. (And after googling around, it appears that others allude to having perhaps similar ideas - at least for Windows). So to me, this rapid encryption [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[30,504],"class_list":["post-14264","post","type-post","status-publish","format-standard","hentry","category-technology","tag-mac","tag-malware"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=14264"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14264\/revisions"}],"predecessor-version":[{"id":14265,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14264\/revisions\/14265"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=14264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=14264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=14264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}