Why can't OS catch ransomware in the act?

Random Thoughts | Atko

Ransomware is a major risk, and it keeps evolving to avoid detection from antivirus tools or operating systems.

But what if the OS developed a technique where modifications to data on a disk drive exceeding x units of storage per unit of time trigger an alarm?

Let's think of it in terms of a physical warehouse. If someone walks into your warehouse and begins to flip every box on every shelf upside down, you would not just stand by and watch it happen. You would ask what they were doing, wouldn't you?

If ransomware starts to change (encrypt and delete) gigabytes of data within minutes, would it not make sense that your operating system pauses the process, shows a popup question and asks you if process X is supposed to be doing what it is currently doing?
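The check proposed above can be sketched as a per-process sliding-window counter. This is an added example, not code from the original post: the `WriteRateMonitor` class, the 1 GiB per 60 s threshold and the event list are all assumptions constructed for illustration. The constructed backup process trips the same alarm as the bulk rewriter, which is why the post's idea is to pause and ask rather than to kill the process.

```python
from collections import defaultdict, deque

MiB = 1024 * 1024

class WriteRateMonitor:
    """Flags a process once the bytes it modified inside a sliding window exceed a limit."""

    def __init__(self, limit_bytes, window_seconds):
        self.limit_bytes = limit_bytes
        self.window_seconds = window_seconds
        self._events = defaultdict(deque)   # pid -> deque of (timestamp, nbytes)
        self._totals = defaultdict(int)     # pid -> bytes inside the current window
        self.paused = {}                    # pid -> timestamp at which it was flagged

    def record(self, timestamp, pid, nbytes):
        """Account for one write; return True if it pushes pid over the limit."""
        if pid in self.paused:
            return False                    # already suspended, waiting for the user's answer
        events = self._events[pid]
        events.append((timestamp, nbytes))
        self._totals[pid] += nbytes
        # Forget writes that have fallen out of the window
        while events and events[0][0] <= timestamp - self.window_seconds:
            _, old = events.popleft()
            self._totals[pid] -= old
        if self._totals[pid] > self.limit_bytes:
            self.paused[pid] = timestamp
            return True
        return False

def constructed_events():
    """Constructed sample data: (seconds, pid, bytes modified)."""
    events = []
    # pid 100: an editor saving a 2 MiB file every 30 s
    events += [(t, 100, 2 * MiB) for t in range(0, 300, 30)]
    # pid 200: rewrites 50 MiB every second for a minute, like bulk encryption
    events += [(t, 200, 50 * MiB) for t in range(60, 120)]
    # pid 300: a backup job writing 40 MiB every second, legitimate but just as fast
    events += [(t, 300, 40 * MiB) for t in range(200, 260)]
    return sorted(events)

def run(limit_bytes=1024 * MiB, window_seconds=60):
    monitor = WriteRateMonitor(limit_bytes, window_seconds)
    for ts, pid, nbytes in constructed_events():
        if monitor.record(ts, pid, nbytes):
            print(f"t={ts}s pid={pid}: over {limit_bytes // MiB} MiB in {window_seconds}s, pause and ask the user")
    return monitor.paused

if __name__ == "__main__":
    run()
```

With these constructed numbers the rewriter has already modified about 1 GiB by the time it is paused, so the threshold sets how much data is lost before the prompt appears.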

