Napier University is building a reputation in the cybersecurity spin-out ecosystem and now believes it has the next game-changer, writes JULENA DRUMI
It’s the nightmare scenario for any internet business. Criminals not only disabling the entire operating system, but demanding payment to restore access.
Ransomware – malware that encrypts files coupled with a menacing condition to get back online – is becoming the attack of choice for cyber criminals as it has a high chance of financial return coupled with a low chance of detection. And the threat is increasing daily.
In the US alone at least 966 government agencies, educational establishments and healthcare providers were infected by ransomware last year at a cost of some $7.5 billion. The victims included 113 state and municipal governments and agencies, 764 healthcare providers, 89 universities, colleges and school districts (with 1,233 individual schools affected).
But the cost of the ransomware does not tell the full picture, says Edinburgh-based professor of cryptography Bill Buchanan, as there is an impact in downtime costs. He says the estimated overall cost rockets to more than $169 billion worldwide.
According to analysis by Emsoft as many as a third (33%) of companies pay the ransom demand, and their average downtime is 16 days.
Edinburgh’s cyber community has been working on the problem for years and Napier University School of Computing has already turned out a number of successes in the field: ZoneFox (2010), Symphonic Software (2013) and Cyan Forensics (2017) in making the leap from research lab to the market.
They have attracted global attention. Threat analytics spin-out ZoneFox has been acquired by US giant Fortinet, and Symphonic Software and Cyan Forensics have also scaled up to become players in the international marketplace.
The university hopes its latest spin-out Memcrypt will tackle new and increasingly sophisticated tactics used by the cybernats.
Napier’s cryptography experts are developing methods of detecting ransomware as it runs. This will provide new ways of stopping the ransomware from infecting systems before it has a chance to spread.
The team’s work is part of Innovate UK’s CyberASAP programme accelerator, and is also supported more recently by Scottish Enterprise’s High Growth Spin-out Programme – the early stage growth challenge fund.
Memcrypt has evolved around a technical team of Professor Bill Buchanan, Dr Peter McLaren, Dr Owen Lo and Dr Gordon Russell, and a core business team of Dia Banerji (Imagine Ventures) and Matt Burdge (the Business Development and Relationship Manager supporting the School of Computing), as the University seeks to repeat earlier successes in converting ground-breaking research into high impact spin-outs.
‘Ransomware affects virtually every market sector, and can affect every size of company’
At the heart of Memcrypt lies Dr Peter McLaren’s PhD work, the first to discover the presence of the key schedule of a popular encryption method – ChaCha20 – within running memory on the computer.
Another team member, Dr Owen Lo, earlier showed that encryption keys could be discovered just by listening to the electrical noise created by a device. Dr McLaren said: “The core of our approach is to search for things that look completely random with memory, and mark these as suspicious.”
Dia Banerji said: “Ransomware attacks can have a debilitating effect on businesses, often leading to loss in revenue, falling share prices and reputational losses. We aim to better protect those at risk, and work with law enforcement agencies on improving their responses to these attacks.”
Professor Buchanan, who played a key role in the research which paved the way for Edinburgh Napier’s earlier cybersecurity spin-out successes, added: “Ransomware affects virtually every market sector, and can affect every size of company. While building our company in Edinburgh, we aim to scale on an international basis.”
Fiona Mason, head of business engagement and IP commercialisation at the university, said: “Our emerging spin-outs are recognised by CyberASAP and by Scottish Enterprise.
“Our success here is testament to the entrepreneurship, commitment and creativity of the University’s academic staff and students, supported by our talented business engagement and IP team in the research innovation and enterprise Office who worked tirelessly to bring these opportunities to life.
“A UK government-backed report from The London Office for Rapid Cybersecurity Advancement (LORCA) listed Edinburgh Napier in the top six universities that have contributed to the cybersecurity spin-out ecosystem.
“We believe Memcrypt will be our next game-changer.”