Windows EFS Feature May Help Ransomware Attackers

Security researchers have created proof-of-concept ransomware that takes advantage of a Windows feature that encrypts files and folders to protect them from unauthorized physical access to the computer.

The lab-developed ransomware strain relies on the Encrypting File System (EFS) component in Microsoft’s operating system and can run undetected by some antivirus software.

EFS allows users to encrypt specific files and folders with a symmetric key known as the File Encryption Key, which is then encrypted with a public key (asymmetric encryption). This process and its reversal are done at a layer below the NT file system (NTFS).
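Because recovering the File Encryption Key depends on the matching private key, a defender can check where EFS is in use and whether that key is present. The read-only PowerShell inventory below is an added example, not code from the researchers; the `$Root` default and the function names are assumptions chosen for illustration.

```powershell
# Added example: read-only inventory of EFS use for the current user.
# $Root and the function names are assumptions chosen for illustration.
param(
    [string]$Root = $env:USERPROFILE
)

# Enhanced Key Usage OID that marks a certificate as usable for EFS.
$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'

function Get-EfsEncryptedFileSummary {
    param([Parameter(Mandatory)][string]$Path)

    # -Attributes Encrypted selects files carrying the NTFS "Encrypted"
    # attribute, which is what EFS sets. Unreadable paths are skipped.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File -Attributes Encrypted -ErrorAction SilentlyContinue |
        Group-Object -Property DirectoryName |
        Sort-Object -Property Count -Descending |
        Select-Object -Property @{ Name = 'Directory';      Expression = { $_.Name } },
                                @{ Name = 'EncryptedFiles'; Expression = { $_.Count } }
}

function Get-EfsCertificate {
    # Certificates in the user's personal store whose EKU list includes EFS.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EfsEkuOid } |
        Select-Object -Property Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey
}

$files = @(Get-EfsEncryptedFileSummary -Path $Root)
$certs = @(Get-EfsCertificate)

"EFS-encrypted files under ${Root}:"
$files | Format-Table -AutoSize

"EFS certificates in the current user's store:"
$certs | Format-Table -AutoSize

# The File Encryption Key can only be unwrapped with the private key,
# so encrypted files without a usable EFS key deserve investigation.
$usableKeys = @($certs | Where-Object { $_.HasPrivateKey })
if ($files.Count -gt 0 -and $usableKeys.Count -eq 0) {
    Write-Warning 'EFS-encrypted files found, but no EFS certificate with a private key is present for this user.'
}
```

On machines where EFS is not deliberately deployed, any non-empty result is worth reviewing.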

