Antiransomware


05/10/16. Beta 0.1

Latch ARW: New protection tool against Ransomware

In recent years there has been a rise in ransomware attacks. According to Wikipedia, “A ransomware is a type of malicious software that restricts access to certain parts or files of the infected system and asks for a ransom in exchange for removing this restriction. Some types of ransomware encrypt the operating system files disabling the device and coercing the user to pay the ransom.”

AntiRansomWare Tool adds a layer of authorization to “protected” folders on Windows systems, on top of the existing permissions of the operating system, so that any write or delete operation on the files is denied. The authorization in this case relies on a Latch instance for each folder. That is, no file in these folders can be modified or deleted while the associated Latch is closed.

If a folder is protected with ARW, every write or delete access is checked against the Latch servers. The owner of the mobile phone receives a notification through the Latch Apps and can open the Latch if any changes are necessary.

This system proactively protects files from being hijacked by ransomware or any other malware. The tool still allows the user to open files in read mode for viewing, copying, etc.

How does it work?

Latch ARW works as a Windows kernel-mode driver that monitors I/O operations to identify whether they occur on a protected folder and whether they are write or delete operations. The driver in turn communicates with a Windows service that checks the status of the authorization with the Latch servers and keeps an inventory of protected folders.
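The decision described above can be modelled in user mode as follows. This is an added example, not ElevenPaths' driver code: `arw_allow`, `protected_folder`, the `LATCH_UNKNOWN` state and its fail-closed handling are assumptions of this sketch, and it covers only the access mask requested when a file is opened.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Access-mask bits, same values as in the Windows SDK headers. */
#define FILE_READ_DATA        0x00000001u
#define FILE_WRITE_DATA       0x00000002u
#define FILE_APPEND_DATA      0x00000004u
#define FILE_WRITE_EA         0x00000010u
#define FILE_WRITE_ATTRIBUTES 0x00000100u
#define DELETE                0x00010000u
#define GENERIC_WRITE         0x40000000u
#define MODIFY_MASK (FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_EA | \
                     FILE_WRITE_ATTRIBUTES | DELETE | GENERIC_WRITE)

typedef enum { LATCH_OPEN, LATCH_CLOSED, LATCH_UNKNOWN } latch_state;
/* Hypothetical inventory entry: one protected folder and its Latch status. */
typedef struct { const char *folder; latch_state state; } protected_folder;

/* True when path is the folder itself or lies below it. Compared without
   regard to case; the character after the prefix must be a separator so
   that C:\Docs does not also cover C:\Docs2. */
static int is_under(const char *path, const char *folder) {
    size_t n = strlen(folder);
    while (n > 0 && folder[n - 1] == '\\') n--;   /* ignore trailing '\' */
    if (strlen(path) < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)folder[i]))
            return 0;
    return path[n] == '\0' || path[n] == '\\';
}

/* Returns 1 to let the open proceed, 0 to deny it. */
int arw_allow(const protected_folder *inv, size_t count,
              const char *path, unsigned desired_access) {
    if ((desired_access & MODIFY_MASK) == 0)
        return 1;                       /* read-only opens always pass */
    for (size_t i = 0; i < count; i++)
        if (is_under(path, inv[i].folder) && inv[i].state != LATCH_OPEN)
            return 0;                   /* closed or unknown: fail closed */
    return 1;
}

/* Constructed sample inventory for illustration. */
const protected_folder SAMPLE[] = {
    { "C:\\Users\\alice\\Documents", LATCH_CLOSED  },
    { "D:\\Photos\\",                LATCH_OPEN    },
    { "E:\\Backup",                  LATCH_UNKNOWN },
};
```

Deletes and renames requested on an already open handle are outside this model and would need their own check.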

The user interface for pairing and unpairing, and for protecting and unprotecting a folder, is integrated into Windows Explorer. It is very user-friendly, with context menus directly on folders.

Installation process

The installer performs all the steps needed to make the necessary changes to the computer, or to undo them if the user wants to uninstall the tool. Installation does not require any additional information. Once installed, the pairing wizard is launched to link the computer to a Latch account.


Pairing with Latch

First of all, the user must create a Latch account with a pairing token. The pairing wizard can be launched either right after setup or at any time from the context menu of Windows Explorer.

How to add and configure a protected folder

The same context menu of Windows Explorer is used to add protection to a folder. Once protected, a new instance appears in the Latch app.

Once added, the user receives a notification of the change through the mobile app.

How to enable/disable write operations in a protected folder

Once a folder has been added, it is protected so that write and delete operations are denied. To enable write operations in the folder, the user goes to the Latch mobile app and unprotects the corresponding instance.

To disable write operations, the user goes to the Latch mobile app and protects the instance of the folder.

How to remove protection from a folder

The same context menu of Windows Explorer is used to remove protection from a folder. For security reasons, in order to remove protection from a folder, the user must first go to the Latch mobile app and unprotect the instance of the folder.

Latch unpairing

Finally, when the user wishes to remove protection from the computer, or if they wish to link the computer to another Latch account, they can launch the unpairing wizard via the context menu of Windows Explorer. For security reasons, prior to the unpairing, the user must go to the Latch mobile app to unprotect the “Unpair service” operation of the antiransomware service.

Disclaimer

This is a beta version of the tool that is still in the process of being officially released. ElevenPaths does not guarantee the reliability or usability of the software. Any downloading of the material is done at the risk of the user, who is solely responsible for any damage or loss of information. This version may include some bugs and lack some functionality.