Cybersecurity company Safebreach Labs discovered new ransomware that if exploited can compromise Microsoft Windows' Encrypting File System.
Here are five things to know:
1. This ransomware targets individual Microsoft Windows users and larger enterprises.
2. Microsoft's encryption feature allows users to protect specific folders and files. If any files are encrypted, the user can be easily alerted.
3. Decryption codes are transparent to each user. The key is stored in a file that can be accessed by the user and the other part of the key is based on the user's account password.
4. When the EFS-based ransomware is used, it often goes undetected. The ransomware doesn't require administrator rights or human interaction. The ransomware also deletes the decryption key, so the key file is no longer saved on the network.
5. Since discovering the ransomware, Safebreach Labs has notified 17 anti-malware and anti-ransomware vendors for Windows endpoints. Many of the affected vendors have released patches to address the ransomware technique.
To read more, click here.