Here is the rest http://securityaffairs.co/wordpress/49312/malware/crypto-drop-defeated-ransomware.html original article of researchers http://www.cise.ufl.edu/~traynor/papers/scaife-icdcs16.pdf
I also don't understand what's so special about this. Neoava Guard (HIPS on Win XP) used to have a feature that alerted about apps that were trying to delete or modify files in a short amount of time. Of course it was up to the user to allow or block it. The only problem was that it couldn't actually stop ransomware and file invectors, probably because it wasn't implemented correctly. So seems that these developers have managed to perfect this approach. I wonder if HMPA, MBARW and WAR are also using this method.
