Researchers reveal how ransomware can bypass security systems: “A very dangerous threat”

Ransomware is among the most serious cyber threats facing businesses, public authorities, and critical infrastructure today. The attacks involve encrypting files and holding them “hostage” until a ransom is paid.

“In a digital society where data is among our most valuable assets, ransomware is a highly dangerous threat,” says Emanuele Miotto, a PhD student at Örebro University and one of the researchers behind the study.

An analysis by Europol reveals that ransomware is often the final stage in supply chain attacks. Meanwhile, the EU’s cybersecurity agency, ENISA, estimates that ransomware makes up about a quarter of all reported cyber incidents.

Detecting attacks early is crucial

To minimise the damage, it is crucial to detect encrypted files early. In the new study, the researchers examine a method for identifying files encrypted by ransomware.

The researchers show how attackers can modify their attacks to deceive the system – and how the method can be improved to better detect and prevent them.

The scientific article “Differential Area Analysis for Ransomware: Attacks, Countermeasures, and Limitations” has been published in the journal IEEE Transactions on Dependable and Secure Computing.

The article’s authors include Mauro Conti, visiting professor of computer science; Alberto Giaretta, senior lecturer in computer science; and Emanuele Miotto at Örebro University. Along with international researchers, they analyse how the method can be circumvented and how to make it more robust.

“The hope is that the study will contribute to better defenses against ransomware and strengthen the security of information systems,” says Emanuele Miotto, emphasising that the study is the result of collaboration between Örebro University and the University of Padova in Italy.

A race between attackers and defenders

Advancements in cybersecurity are frequently portrayed as a race between attackers and defenders.

“Collaboration is vital. Sharing knowledge about attacks and security analyses, along with ongoing training, can strengthen defences. Investment in research also helps develop new tools and more secure information systems,” says Emanuele Miotto.