I’ve been hearing a lot about crypto ransomware attacks recently. Someone I know had their boss open a .exe file which held the files on that computer for ransom, and(!) the remote mounts too. It uses public/private key encryption to lock your files and only gives them back/decrypts them when you pay enough.
To me it seems like there’s something very simple and easy we could do to stop a lot of these attacks. There are always going to be more advanced attacks that get past mitigations, but I feel like the majority can be stopped!
My idea is this: When you run a new program it should not have access to the entire filesystem. It should be limited to only have write access to its own directory. As far as I can tell this is a very simple ‘guard rail’ that you can put around programs to pretty much completely stop these ransomware attacks.
When you install your OS the programs that come with it (or that you install via its package manager or app store) could be configured to have the correct privileges. That means the user doesn’t have to do any work managing complicated security capabilities.
So what are we waiting for? Why isn’t this being implemented?
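The write rule proposed above can be sketched as a decision function. This is an added example, not code from the original post: it only models the allow/deny decision (real enforcement would have to live in the OS), and the policy format, program names and directory layout are constructed assumptions.

```python
import os
import tempfile

def write_allowed(policy, program, program_dir, target):
    """Return True if `program` may write to `target`.

    `policy` maps a program name to extra writable roots (hypothetical
    format standing in for privileges preconfigured by the OS or its
    package manager). A program with no entry gets its own directory only.
    """
    # realpath follows symlinks and collapses "..", so the decision is made
    # on where the write would really land, not on how the path is spelled.
    real_target = os.path.realpath(target)
    for root in [program_dir] + policy.get(program, []):
        real_root = os.path.realpath(root)
        # commonpath compares whole components, so /apps/newtool-x is not
        # mistaken for a path inside /apps/newtool.
        if os.path.commonpath([real_root, real_target]) == real_root:
            return True
    return False

def demo():
    """Evaluate write requests against a constructed directory layout."""
    base = os.path.realpath(tempfile.mkdtemp())
    app = os.path.join(base, "apps", "newtool")      # freshly run program
    editor = os.path.join(base, "apps", "editor")    # preinstalled program
    docs = os.path.join(base, "home", "documents")
    share = os.path.join(base, "mnt", "share")       # stands in for a remote mount
    for d in (app, editor, docs, share):
        os.makedirs(d)
    # Symlink inside the program's own directory that points at user documents.
    os.symlink(docs, os.path.join(app, "shortcut"))
    policy = {"editor": [docs]}  # constructed: privilege shipped with the OS

    def check(prog, prog_dir, *parts):
        return write_allowed(policy, prog, prog_dir, os.path.join(*parts))

    return {
        "own_dir": check("newtool", app, app, "cache.db"),
        "documents": check("newtool", app, docs, "report.docx"),
        "remote_mount": check("newtool", app, share, "budget.xlsx"),
        "symlink_escape": check("newtool", app, app, "shortcut", "report.docx"),
        "dotdot_escape": check("newtool", app, app, "..", "..", "home", "documents", "x"),
        "editor_documents": check("editor", editor, docs, "report.docx"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'allow' if allowed else 'deny'}")
```

The symlink and `..` cases are the ones a naive prefix check on the path string would get wrong.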