The decisive word in the fight against ransomware: a revolutionary idea from Microsoft
An expert has found a way to significantly weaken the ransomware industry.
Ransomware encrypts files on the victim’s computer and demands a ransom to restore them. Such viruses can cause enormous damage to both individual users and large organizations. But is there a way to protect yourself from them?
Security expert Adam Shostack is sure there is. He has offered a simple and elegant solution that could significantly hinder the work of ransomware. His idea is for Microsoft to limit the rate at which one of its API functions, CreateFile, can be called.
CreateFile is a function that allows programs to create and open files on the computer. Ransomware uses it to gain access to files and replace their contents with encrypted data.
If Microsoft introduced a limit on how often the same program can call CreateFile, it would greatly slow down the process of encrypting files. Thus, the ransomware victim could notice the attack in time and take steps to stop it.
Shostack hopes that Microsoft will consider his proposal and implement it in its system. However, the specialist also recognizes that it is not as easy as it seems. After all, any change to the API can affect other programs that depend on it. For example, compilers and backup programs also need to open many files in a short time. Exception mechanisms for such programs would therefore have to be considered, as well as ways to monitor the use of CreateFile and send notifications about it.
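The proposal described above (a per-program limit, exceptions for legitimate bulk openers, and a notification) can be modelled offline; the following is an added example, not code from the article, the expert or Microsoft. The token-bucket algorithm, the rate and burst values, the exemption list and the process names are all assumptions chosen for illustration, and the trace is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class OpenRateLimiter:
    """Per-process token bucket for file-open calls (simulation only)."""
    rate: float                      # tokens refilled per second (assumed value)
    burst: int                       # bucket size: opens allowed back to back
    exempt: frozenset = frozenset()  # hypothetical exception list (backup, compilers)
    buckets: dict = field(default_factory=dict)  # process -> (tokens, last_seen)
    alerts: list = field(default_factory=list)   # (time, process), one per process

    def allow(self, process, now):
        if process in self.exempt:
            return True
        tokens, last = self.buckets.get(process, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[process] = (tokens - 1 if allowed else tokens, now)
        if not allowed and all(p != process for _, p in self.alerts):
            self.alerts.append((now, process))  # notify once, on first throttle
        return allowed

def simulate(limiter, events):
    """Replay (time, process) events; return {process: [passed, throttled]}."""
    stats = {}
    for now, process in sorted(events):
        counts = stats.setdefault(process, [0, 0])
        counts[0 if limiter.allow(process, now) else 1] += 1
    return stats

def sample_events():
    """Constructed trace: two bulk openers and one interactive program."""
    events = [(i / 1024, "unknown.exe") for i in range(1024)]   # 1024 opens in 1 s
    events += [(i / 1024, "backup.exe") for i in range(1024)]   # same rate, exempt
    events += [(i * 0.5, "editor.exe") for i in range(10)]      # 2 opens per second
    return events

if __name__ == "__main__":
    limiter = OpenRateLimiter(rate=16, burst=64, exempt=frozenset({"backup.exe"}))
    for process, (passed, throttled) in simulate(limiter, sample_events()).items():
        print(f"{process}: {passed} passed, {throttled} throttled")
    print("alerts:", limiter.alerts)
```

In this model the unlisted bulk opener is cut to its burst plus the refill rate and triggers one alert within the first tenth of a second, while the exempt backup program and the interactive editor are untouched; the same trace also shows the weak point the article names, since the exemption list decides who is slowed.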
Shostack says he understands the difficulty of maintaining compatibility. He himself has experience implementing the Autorun patch in Windows Update. Autorun was a feature that allowed programs to be launched automatically from connected media and was vulnerable to malicious code. The fix resulted in a decrease in the number of attacks through open ports.
However, Shostack believes that the cost of a ransomware attack today is so high that it’s worth taking the risk and trying security changes. The expert is confident that Microsoft specialists are quite capable of handling this challenge.