WTF, EFS? Experts warn Windows encryption could spawn nasty new ransomware

2020-01-21 14:00

The encryption technology Microsoft uses to protect Windows file systems can be exploited by ransomware.

So says the research team at Safebreach Labs, which has demonstrated how file-scrambling software nasties can not only tap into the Windows Encrypting File System but also avoid anti-malware tools.

"We put three anti-ransomware solutions from well-known vendors to the test against our EFS ransomware," Klein wrote.

While EFS has been used by malware writers in the past to conceal their attacks from security tools, SafeBreach believes this is the first time a tech encryption tool has been shown to be of use for ransomware attacks.

"It is clear that in the face of the expected evolution of ransomware, that new anti-ransomware technologies need to be developed if the ransomware threat is to be contained and kept at bay," Klein concluded.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/21/efs_ransomware_poc/

#windows #WTF #ransomware #encryption