Site navigation

Edinburgh Napier University Spinout Memcrypt to Fight Ransomware

Michael Behr


Edinburgh Napier University's Bill Buchanan helped in the development of ransomware spinout Memcrypt

Memcrypt uses techniques developed at Edinburgh Napier University to detect signs that ransomware encryption software is running in a system.

A spinout from Edinburgh Napier University’s School of Computing, Memcrypt, will use new techniques to tackle the multi-billion pound ransomware threat.

Memcrypt will utilise a method devised by Napier’s Dr Peter McLaren in his PhD work. The technique was developed with work from another team member, Dr Owen Lo, who earlier showed that encryption keys could be discovered just by listening to the electrical noise created by a device.

Dr McLaren said: “The core of our approach is to search for things that look completely random with memory and mark these as suspicious.”

Ransomware is a form of malware that encrypts a user’s files. The victim is then charged for a decryption device which can be used to restore access to their files. In the case of corporate data hacks, the price for decryption can run into the millions of pounds.

Furthermore, the victim is trusting the cybercriminal to supply the decryption device. While some modern ransomware operations present a legitimate appearance, decryption devices can often be poorly made and difficult to run properly.

Due to its high chance of financial return coupled with a low chance of detection, ransomware attacks are on the rise. A 2020 report from Bitdefender warned that the total number of global ransomware reports increased by 715% compared to last year.

Professor Bill Buchanan, who played a key role in the research which paved the way for Edinburgh Napier’s earlier cybersecurity spin-out successes, said: “Ransomware affects virtually every market sector, and can affect every size of company. While building our company in Edinburgh, we aim to scale on an international basis.”

To stop ransomware attacks before they do serious damage, the university’s cryptography experts are developing new methods of detecting ransomware as it runs. This will help stop the ransomware from infecting systems before it has a chance to spread.

For example, Dr McLaren was the first to discover the presence of the key schedule of a popular encryption method – ChaCha20 – within running memory on the computer.


Memcrypt has evolved around a technical team of Professor Bill Buchanan, Dr Peter McLaren, Dr Owen Lo and Dr Gordon Russell, and a core business team of Dia Banerji (Imagine Ventures Ltd) and Matt Burdge (the Business Development and Relationship Manager supporting the School of Computing), as the university seeks to repeat earlier successes in converting ground-breaking research into high impact spin-outs.

Memcrypt follows earlier University cybersecurity ventures ZoneFox, Symphonic Software and Cyan Forensics in making the leap from research lab to the market.

Threat analytics spin-out ZoneFox has since been acquired by US giant Fortinet, and Symphonic Software and Cyan Forensics have also scaled up to become players in the international marketplace.

The team’s work is part of Innovate UK’s CyberASAP programme accelerator, and is also supported more recently by Scottish Enterprise’s High Growth Spin-out Programme – the early stage growth challenge fund.

Fiona Mason, Head of Business Engagement and IP Commercialisation at the University, said: “We are delighted that our emerging spin-outs are recognised by CyberASAP and by Scottish Enterprise. Our success here is testament to the entrepreneurship, commitment and creativity of the University’s academic staff and students, supported by our talented Business Engagement and IP team in the Research Innovation and Enterprise Office who worked tirelessly to bring these opportunities to life.”

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: