How to Stop Ransomware in its Tracks? Take Away its Tools

  • Interdisciplinary Centre for Security, Reliability and Trust (SnT)
    25 September 2019
  • Category
    Research

Right around the time that the WannaCry ransomware began to wreak havoc globally, SnT’s Ziya Alper Genç had a big idea. ‘It became my obsession,’ says Genç. ‘I had this idea that I just couldn’t let go.’ What Genç dreamt up was a method for preventing ransomware from encrypting files in the first place — a method that would make ransomware viruses like WannaCry harmless.

Ransomware gets onto our devices the same way all malware does — through infected emails, downloads, or unprotected internet connections. Once on a device, the malware first produces the cryptographic tools that the ransomware uses to encrypt valuable documents on the computer. Once the documents are locked, only hackers can prompt the malware to decrypt them.

What Genç saw is — at first glance — simple: if the ransomware cannot find its cryptographic tools in the first place, then it cannot encrypt. ‘We create basically a whitelist of the programs that are allowed to ask for such tools and then just deny programs not on the list. So ransomware would be denied access to the instruments they need to lock your computer.’ By cutting off ransomware’s ability to do its job, the encryption process, you render modern ransomware effectively impotent.
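The default-deny allowlist described above can be sketched as a small broker that decides who receives key material. This is an added illustration, not Genç's implementation: the `CryptoBroker` class, the program names and the sample images are hypothetical, and modelling the "cryptographic tools" as random key bytes and identifying programs by SHA-256 digest are assumptions.

```python
import hashlib
import secrets


class CryptoBroker:
    """Hands out key material only to programs whose image is allowlisted."""

    def __init__(self, allowed_images):
        # Assumption: programs are identified by the SHA-256 digest of their
        # image rather than by name or path, so a program that merely reuses
        # an allowlisted name does not inherit that entry.
        self._allowed = {hashlib.sha256(img).hexdigest() for img in allowed_images}
        self.audit_log = []  # (program_name, digest, decision)

    def request_key(self, program_name, program_image, nbytes=32):
        digest = hashlib.sha256(program_image).hexdigest()
        decision = "allow" if digest in self._allowed else "deny"
        # Every request is recorded; denials are a detection signal in themselves.
        self.audit_log.append((program_name, digest, decision))
        if decision == "deny":
            raise PermissionError(f"{program_name}: not on the crypto allowlist")
        return secrets.token_bytes(nbytes)

    def denied(self):
        return [name for name, _, decision in self.audit_log if decision == "deny"]


# Constructed sample program images (placeholders, not real binaries).
BACKUP_TOOL = b"constructed image: backup-tool v1"
UNKNOWN_PROGRAM = b"constructed image: unknown program"


def demo():
    """Replay three key requests and return (name, decision) for each."""
    broker = CryptoBroker([BACKUP_TOOL])
    requests = [
        ("backup-tool", BACKUP_TOOL),      # allowlisted image
        ("backup-tool", UNKNOWN_PROGRAM),  # same name, different image
        ("invoice.exe", UNKNOWN_PROGRAM),  # unknown name and image
    ]
    for name, image in requests:
        try:
            broker.request_key(name, image)
        except PermissionError:
            pass  # denied requests receive no key material
    return [(name, decision) for name, _, decision in broker.audit_log]


if __name__ == "__main__":
    for name, decision in demo():
        print(f"{name:12s} {decision}")
```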

Up to now, there have been just three levels of malware protection. Users can regularly back up their data, anti-malware programs can analyse program behaviour, or anti-malware programs can analyse a program file’s unique signature. Genç’s innovative approach is an additional, fourth level of malware protection, a potential game-changer in the anti-malware business. With the support of an FNR Pathfinder grant, Genç has already tested his research’s marketability — the first step to bring a new product to market. Having gathered extensive evidence that his idea works under real-world conditions and against actual ransomware, in 2019 he will follow up with another FNR grant, this time to develop a proof-of-concept.

‘Anticipating the evolution of ransomware is a must, not a luxury,’ Dr Gabriele Lenzini, Genç’s thesis supervisor, adds as our conversation draws to a close. So while we will all soon be a little more secure, the fight will go on. But it is comforting to know that by the time the world is again gripped with panic at the next round of hacks, researchers such as Genç will almost certainly have another big idea that they just can’t let go.