Posted by: David Harley | April 22, 2016

Ransomwhere? Well, less on OS X maybe

Patrick Wardle’s Ransomwhere? takes a generic approach to detecting ransomware in action on a Mac, ‘by detecting untrusted processes that are encrypting your personal files.’

It sounds like a good idea, and I certainly wouldn’t want to dissuade you from taking a look at it. However, John Leyden remarks that ‘it’s the sort of thing that security software firms ought to be doing, but aren’t’, while Wardle himself remarks that ‘Sadly, existing anti-virus solutions fail to detect new samples, leaving most users completely unprotected.’

I happen to think both remarks are misleading, and explain why on ITSecurity UK: Ransomwhere? – detecting new ransomware. But while I haven’t tested it, a generic defence against OS X ransomware sounds like a good idea.

I’ve just noticed some useful commentary from Michael Mimoso for Threatpost: Generic Ransomware Detection Comes to OS X

David Harley

