Experts: Windows Feature Can Be Used as Ransomware
Ransomware attackers could turn a key Windows security tool against the system, according to new research. The tactic could also evade leading security tools.
The research from SafeBreach Labs covered the Encrypting File System (EFS). EFS was released as far back as Windows 2000 (in the year 2000) and is somewhat similar to BitLocker. The main difference between the two is that BitLocker can encrypt an entire volume, while EFS can encrypt individual files and folders.
In either case, the reason for encrypting files and folders or an entire volume is that an attacker who gained physical access to a hard drive would not be able to decrypt the files without a password. EFS uses part of the Windows login to produce a "key" for encrypting the files. SafeBreach says that there's a significant flaw in how this works.