$4.5 million. This was the ransom paid by the travel management company Carlson Wagonlit Travel in July 2020 to free its 30,000 computers locked down by ransomware. Was this an isolated case? No. According to one study, the average ransom is now over $178,000... preferably payable in Bitcoin. Attackers are aiming ever higher. They target large companies, administrative organisations and hospitals... Even for the lucky ones who manage to restore their data from backups, downtime still costs a fortune. In 2017, the NotPetya virus cut the sales revenue of the Saint-Gobain group by a startling €250 million!
Anti-virus software is able to filter out known ransomware thanks to its signature libraries. However, it is powerless against so-called Zero-day malware, which exploits previously unseen security weaknesses.
This fact led researchers in the High Security Laboratory (LHS) at Inria in Rennes to begin exploring a radically new approach in 2014. The idea is to focus on the impact on files rather than on the virus itself. A model representing the data in its normal state is produced. When the monitored state starts to change, the algorithm concludes that an attack is underway. A security mechanism is then activated to block any further changes, thus preserving the integrity of the data. This technology was jointly patented by Inria and the French Directorate General for Armament (DGA).
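The data-centred detection described above can be pictured with the following added Python example, which is not Inria's patented algorithm or Daspren's code. The use of Shannon entropy and file headers as the "normal state" model, the thresholds, the rollback step and the in-memory `FileGuard` store are all assumptions made for illustration.

```python
import math
from collections import Counter

ENTROPY_LIMIT = 7.2   # assumed: bits per byte above which content looks near-random
ENTROPY_JUMP = 1.0    # assumed: minimum rise over the file's own baseline
MAX_STRIKES = 3       # assumed: abnormal writes tolerated before a process is blocked
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class FileGuard:
    """Toy in-memory file store that judges writes by their effect on the data."""
    def __init__(self, files: dict):
        self.files = dict(files)
        self.baseline = {p: entropy(d) for p, d in files.items()}  # normal-state model
        self.strikes = Counter()   # abnormal writes per process id
        self.undo = {}             # pid -> {path: content before its abnormal writes}
        self.blocked = set()

    def abnormal(self, path: str, new: bytes) -> bool:
        magic = MAGIC.get(path[path.rfind("."):].lower())
        if magic and not new.startswith(magic):
            return True            # a known file type lost its header
        e = entropy(new)
        return e > ENTROPY_LIMIT and e - self.baseline.get(path, 0.0) > ENTROPY_JUMP

    def write(self, pid: int, path: str, new: bytes) -> bool:
        """Apply a write; return False if the process is (or becomes) blocked."""
        if pid in self.blocked:
            return False
        if self.abnormal(path, new):
            self.strikes[pid] += 1
            self.undo.setdefault(pid, {}).setdefault(path, self.files.get(path))
            if self.strikes[pid] >= MAX_STRIKES:
                self.blocked.add(pid)
                for p, old in self.undo.pop(pid).items():   # roll back its changes
                    if old is None:
                        self.files.pop(p, None)
                    else:
                        self.files[p] = old
                return False
        else:
            self.baseline[path] = entropy(new)   # benign edit: refresh the model
        self.files[path] = new
        return True
```

Because the decision depends only on what happens to the files, a compressed archive that was already high-entropy in the baseline is not flagged when it is re-saved, while a process that turns several text documents into near-random bytes is blocked without being identified.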
Blocking ransomware without needing to recognise it
Managed by Belkacem Teibi, Daspren aims to integrate these research results into an operational solution that can be made available to users. The company recently completed a year of incubation in Inria’s Startup Studio to work on an industrial prototype.
The product is called Parad. It is at the forefront of its field. It will help protect companies’ computers. We are starting with Windows. A version for Linux is planned next. The competitive advantage is obviously in relation to Zero-day ransomware. Anti-virus software cannot detect them. Those that claim to do so are in fact only identifying mutants of previous viruses. Our solution bypasses the problem by blocking ransomware without even needing to identify it. Files are thus protected from external interference.
No destruction. No malicious encryption. The product is currently being finalised and “will first be released and tested among various prospects who are experts in the field. We are also in discussion with integrators who want to include Parad in their global security solutions offered to their clients. We are a complementary addition to more traditional programs that analyse and investigate.”