Not just not obvious, also expensive and quite a PITA to set up.
You are correct, as that solution does work when users back up their stuff. Users don't keep good backups though. Despite every attempt to tell people, they still don't do it.
tzs | 9 years ago
I've done some work for and remain acquaintances with people from a small anti-virus company, and have been suggesting a very similar approach to them off and on for at least 15 years but there was always too much other stuff they were busy with for them to pursue it.
I've not followed the anti-virus industry closely (most of my work for that small anti-virus company has been back end stuff, like payment processing, tax reporting, and analytics), but have always assumed that numerous others both before and after me had suggested and explored such behavioral approaches, and that they would be common by now.
I will definitely not be above an "I told you so" if this turns out to be an effective approach.
fbomb | 9 years ago
TeMPOraL | 9 years ago
Also, you have to make sure the backup is done through a network - some ransomware will happily encrypt any removable media you happen to plug in to your computer.
nl | 9 years ago
Many ransomware variants target network attached backups, e.g. [1]. They often target USB attached storage too.
[1] https://www.cert.gov.au/advisories/ransomware
CaptSpify | 9 years ago
cyphar | 9 years ago
Mandatum | 9 years ago
Bypass 2: Spawn child processes per file to encrypt.
empath75 | 9 years ago