Malicious software has become a pervasive problem for Internet users, as many networked resources include vulnerabilities that are subject to attack. For instance, over the past few years, more and more vulnerabilities have been discovered in software that is loaded on endpoint devices present on a network. A third party may exploit these vulnerabilities, e.g., through computer software, to gain access to one or more areas within the network that are not typically accessible. For example, a third party may exploit a software vulnerability to gain unauthorized access to sensitive information such as e-mail accounts and/or data files. These software vulnerabilities may exist within application programs, operating systems, file systems, and the like.
One type of malware may exhibit behaviors such as infecting, encrypting, deleting and/or stealing files (hereinafter generally referred to as “file modifying malware”). Insecure file operations may give an attacker the ability to read confidential information, perform a denial of service attack, take control of an application, or even take control of the entire system.
In some instances, file modifying malware may enter a computer system when, for example, a user of an endpoint device activates a uniform resource locator (URL) in an Internet-browser application, downloads a file from a network, or opens an e-mail attachment. Subsequently, the file modifying malware may modify various files within the computer, which may include encrypting one or more files, thereby restricting access to the one or more files. The file modifying malware may then request a payment for a key to decrypt the one or more files.
In some cases, the file modifying malware may target particular data storage locations, such as files and/or folders containing sensitive personal, financial, or corporate information. Additional security measures beyond traditional access control are needed to protect sensitive data files from malicious attackers.