Skip to main content

Experts: Windows Feature Can Be Used as Ransomware

posted onJanuary 24, 2020
by l33tdawg
Flickr
Credit: Flickr

Ransomware attackers could turn a key Windows security tool against the system, according to new research. The tactic could also evade leading security tools.

The research from SafeBreach Labs covered "EFS", otherwise known as Encrypting File System. EFS was released as far back as Windows 2000 (in the year 2000), and is somewhat similar to Bitlocker. The main difference between the two is that Bitlocker can encrypt an entire volume, while EFS can encrypt individual files and folders.

In either case, the reason for encrypting files / folders or an entire volume is that if an attacker gained physical access to a hard drive, they would not be able to decrypt the files without a password. EFS uses part of the Windows login to encrypt the files in order to produce a "key" for the encryption. SafeBreach says that there's a significant flaw in how this works.

Source

Tags

Security Microsoft

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th