PayPal’s New Ransomware Detection

By now everyone should know that ransomware is a huge threat. PayPal aims to do something about that.

From the patent filed by the online transaction company, it appears that PayPal has found a way to detect ransomware before all your files are locked away. In that window, it can either prevent the encryption process or make copies of the files and store them safely away before they get encrypted.

How does PayPal intend to detect ransomware before it springs into action? A lot of ransomware variants follow the same general pattern: they duplicate a file, encrypt the copy, then delete the original. PayPal’s new anti-ransomware will watch for files being loaded into the memory cache and look for the usual file shenanigans ransomware undertakes, allowing only processes that are on a whitelist to go through while blocking processes that are not on the list.
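
The copy, encrypt, delete pattern and the whitelist check described above can be expressed as detection logic over a stream of file events. This is an added example, not PayPal's implementation or anything taken from the patent; the event format, the process names, and the entropy cutoff used as a stand-in for "encrypted" are assumptions.

```python
import math
from collections import Counter, defaultdict

ALLOWLIST = {"backup-agent"}   # hypothetical trusted process names
ENTROPY_CUTOFF = 7.5           # bits/byte; assumed proxy for "looks encrypted"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return (proc, original, copy) for each copy-encrypt-delete sequence
    performed by a process that is not on the allowlist."""
    last_read = {}                  # proc -> path it most recently read
    pending = defaultdict(dict)     # proc -> {original: high-entropy copy}
    alerts = []
    for proc, op, path, data in events:
        if proc in ALLOWLIST:
            continue                # allowlisted processes pass unchecked
        if op == "read":
            last_read[proc] = path
        elif op == "write":
            src = last_read.get(proc)
            # A new file with near-random content, written right after a read
            if src and src != path and entropy(data) >= ENTROPY_CUTOFF:
                pending[proc][src] = path
        elif op == "delete" and path in pending[proc]:
            # The original is removed after its encrypted copy was written
            alerts.append((proc, path, pending[proc].pop(path)))
    return alerts

# Constructed sample events: (process, operation, path, bytes written)
PLAIN = b"Quarterly report draft\n" * 100   # low-entropy text
CIPHER = bytes(range(256)) * 16             # stand-in for ciphertext
EVENTS = [
    ("backup-agent", "read", "/docs/a.doc", b""),
    ("backup-agent", "write", "/backup/a.doc.enc", CIPHER),
    ("backup-agent", "delete", "/docs/a.doc", b""),
    ("editor", "read", "/docs/b.txt", b""),
    ("editor", "write", "/docs/b.txt.tmp", PLAIN),
    ("editor", "delete", "/docs/b.txt", b""),
    ("unknown", "read", "/docs/c.xls", b""),
    ("unknown", "write", "/docs/c.xls.locked", CIPHER),
    ("unknown", "delete", "/docs/c.xls", b""),
]
```

The `editor` sequence shows why the content check matters: a safe-save also writes a new file and deletes the original, but the new file is not high-entropy, so it is not flagged.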