1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

This tool can block ransomware on Mac OS X, for now

Discussion in 'CSO' started by RSS, Apr 21, 2016.

  1. RSS

    RSS New Member Member

    A security researcher has created a free security tool that can detect attempts by ransomware programs to encrypt files on users' Macs and then block them before they do a lot of damage.

    Called RansomWhere? the application is the creation of Patrick Wardle, director of research and development at security firm Synack. It's meant to detect and block the encryption of files by untrusted processes.

    The tool monitors users' home directories and detects when encrypted files are rapidly created inside them -- a telltale sign of ransomware activity.

    When such activity is detected, RansomWhere? determines the process responsible and suspends it. To limit false positives -- legitimate encryption programs being detected as ransomware -- the tool whitelists all applications signed by Apple and most of those that already exist on the computer when RansomWhere? is first installed.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page