By Kevin Townsend on August 16, 2017
Researchers Say Cerber Ransomware Now Has a Feature to Avoid Triggering "Canary Files"
The old canary-in-the-coal-mine and the new canary file serve the same purpose. Both are threat detectors: the former to detect the presence of poisonous gas in a mine, and the latter to detect an unauthorized presence in a file system. The canary file is particularly useful as an early-warning system for the presence of ransomware.
The concept is very simple. A bogus file designed to look like a prime ransomware target is strategically placed and watched by an anti-ransomware application. There is no valid reason for this file to be encrypted. If the watching anti-ransomware detects any attempt to do so, it knows that ransomware is present and can take the necessary action.
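The watch-and-alert idea described above can be sketched as follows. This is an added example, not code from the article or from any anti-ransomware product; the decoy file name, the 7.0 bits-per-byte entropy threshold and the function names are illustrative assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def shannon_entropy(data):
    """Bits per byte: near 8.0 for encrypted output, far lower for text."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values()) if total else 0.0

def plant_canary(directory, name, content):
    """Write the decoy file and return the baseline the watcher compares against."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(content)
    return {"path": path, "sha256": sha256_of(path), "listing": set(os.listdir(directory))}

def check_canary(baseline, entropy_threshold=7.0):
    """Return alert strings; an empty list means the canary is untouched."""
    path, alerts = baseline["path"], []
    if not os.path.exists(path):
        alerts.append("canary missing (deleted or renamed)")
        # A new neighbour appearing as the canary vanishes suggests a rename.
        new = sorted(set(os.listdir(os.path.dirname(path))) - baseline["listing"])
        alerts.extend(f"new file beside canary: {n}" for n in new)
    elif sha256_of(path) != baseline["sha256"]:
        alerts.append("canary content changed")
        with open(path, "rb") as fh:
            if shannon_entropy(fh.read()) >= entropy_threshold:
                alerts.append("content is high-entropy (consistent with encryption)")
    return alerts

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed decoy name and content, chosen to look like a document worth encrypting.
        base = plant_canary(d, "payroll_2017.docx", b"Quarterly payroll summary\n" * 200)
        print(check_canary(base))
        with open(base["path"], "wb") as fh:  # constructed stand-in for an encrypted rewrite
            fh.write(os.urandom(4096))
        print(check_canary(base))
```

A real deployment would run the check from a file-system event hook rather than by polling, and would tie an alert to a response such as suspending the writing process.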