Ransomware families use different encryption methods. The great work done by @nyxbone shows ransomware families using everything from strong encryption like AES to weak obfuscation like XOR or base64. The Bucbi ransomware family uses the obscure GOST encryption! How are organizations expected to keep up with the ever-changing threat landscape?
At Hipara, we believe in giving defenders the upper hand whenever possible. By using math commonly applied in physics, we can determine if a file is encrypted or not. When a suspicious process writes an encrypted file, we will alert your security team!
But the proof is in the pudding. Let's look at how Hipara stood up to a few ransomware families:
| Family Name | Encryption Method | Result |
|---|---|---|
| LeChiffre | Encrypts first 0x2000 and last 0x2000 bytes | Hipara blocks! |
| odcodc | XOR encryption/obfuscation | Hipara blocks! |
| Xorist | Encrypted files still have the original non-encrypted header, 0x33 bytes in length. Uses XOR or TEA. | Hipara blocks! |
| Rokku | Curve25519 + ChaCha | Hipara blocks! |
| VaultCrypt | Uses GPG | Hipara blocks! |
See the pattern here? Hipara blocks ransomware! Contact us to protect your company today! Email firstname.lastname@example.org
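
The post does not name the math it uses. As an added illustration (not Hipara's code), the sketch below assumes Shannon entropy measured per 0x2000-byte window and applies it to a constructed file laid out like the LeChiffre row of the table above. The function names, the 7.5 bits/byte threshold and the sample data are assumptions made for this example.

```python
import math
import random
from collections import Counter

WINDOW = 0x2000     # region size taken from the LeChiffre row of the table
THRESHOLD = 7.5     # bits per byte; assumed cut-off, tune against real data

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_windows(data: bytes, window: int = WINDOW,
                         threshold: float = THRESHOLD) -> list:
    """Offsets of fixed-size windows whose entropy meets the threshold."""
    return [off for off in range(0, len(data), window)
            if shannon_entropy(data[off:off + window]) >= threshold]

def pseudo_ciphertext(n: int, seed: int = 0) -> bytes:
    """Constructed stand-in for ciphertext: seeded pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def partially_encrypted_sample(size: int = 0x10000) -> bytes:
    """Constructed file: plain text with first and last 0x2000 bytes replaced."""
    text = b"Quarterly invoice totals for the finance team, draft 3.\n"
    plain = (text * (size // len(text) + 1))[:size]
    return (pseudo_ciphertext(WINDOW, 1) + plain[WINDOW:-WINDOW]
            + pseudo_ciphertext(WINDOW, 2))

if __name__ == "__main__":
    sample = partially_encrypted_sample()
    print(f"whole file: {shannon_entropy(sample):.2f} bits/byte")
    print("flagged offsets:", [hex(o) for o in high_entropy_windows(sample)])
```

The whole-file average stays below the threshold because most of the sample is still plain text, while the per-window scan flags only the two replaced regions. This is why a partial-encryption layout calls for a windowed measurement rather than a single score per file.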