Secplicity - Security Simplified

Powered by WatchGuard Technologies

Decrypting Ransomware

May 17, 2016 By Marc Laliberte

Ransomware works by encrypting a victim’s files and then convincing the victim that the only way to get them back is to pay a ransom. The attackers reinforce this appeal to fear by setting a short payment deadline and telling the victim that the files will be gone for good if it is missed. Ransomware remains so successful because victims keep paying.

The Cyber Threat Alliance reports an estimated $325 million in payments for the CryptoWall 3 ransomware alone during 2015. These payments provide both incentive and financing for further ransomware development by the bad guys. A recent report by McAfee shows a sharp increase in detected ransomware samples over the last two years.

Taking steps to prevent ransomware infections will always be the best defense strategy. Unfortunately, no protection is perfect, which means your systems may eventually fall victim to a successful attack. If you find yourself infected and without proper backups, you may think that paying up is your only option. Thanks to a few cyber security organizations, there may be another way out.

This week, Emsisoft launched a webpage dedicated to ransomware decryption. The webpage helps ransomware victims identify which flavor of ransomware infected their system and then provides a free downloadable decryption tool. Emsisoft is not the only one providing these tools. Kaspersky also maintains a page full of ransomware decryption utilities (and other malware removal tools). If you need help identifying exactly which version of ransomware locked your files, ID Ransomware is another tool you can use.

Ransomware decryption is a cat-and-mouse game. These utilities typically exploit errors in the ransomware’s encryption code rather than breaking the cipher itself: a key generated from a predictable source, a key left behind on disk or in memory, one key reused across every victim, or a cipher applied in a way that leaks the key. Once the attackers fix these errors and ship an updated build, the decryption utilities stop working against new infections. Because of this, you should not rely on ransomware decryption utilities as your only protection. Treat them as an option of last resort.
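As an added illustration of the kind of mistake a decryptor exploits (this is example code written for this page, not a tool from Emsisoft, Kaspersky, or any real ransomware family), the block below models a hypothetical ransomware that derives its per-victim key from a PRNG seeded with the infection time in seconds. That leaves only tens of thousands of plausible keys, so the decryptor can try every second in the suspected infection window and confirm the right key by checking that a decrypted file begins with the known header bytes of its file type, the same "known plaintext" trick that tools like ID Ransomware use to fingerprint samples. The cipher, the sample files, and the infection window are all constructed for the example.

```python
"""Illustrative decryptor for a hypothetical ransomware whose one cryptographic
mistake is seeding its key generator with the infection time.  Everything here
(cipher, key derivation, sample files, infection window) is constructed for
this example and does not describe any real ransomware family.
"""
import hashlib
import random
from typing import Dict, Optional

# Leading bytes of common file types.  The decryptor uses them as known
# plaintext to recognise the correct key without ever being told the key.
KNOWN_MAGIC: Dict[str, bytes] = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}


def derive_key(seed: int) -> bytes:
    """The flaw: a 32-byte key derived from a small integer seed (the infection
    time in seconds), so the effective key space is the set of plausible seeds."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(32))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || byte_offset) blocks.
    XOR is symmetric, so the same function both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def ransomware_encrypt(plaintext: bytes, infection_time: int) -> bytes:
    """What the (hypothetical) malware does to each file on the victim's disk."""
    return keystream_xor(derive_key(infection_time), plaintext)


def recover_key(ciphertext: bytes, extension: str,
                window_start: int, window_end: int) -> Optional[bytes]:
    """Brute-force the seed across the suspected infection window.  A candidate
    is accepted only if decrypting the file's first bytes yields the expected
    magic; with an 8-byte header the chance of a false match is about 2**-64."""
    magic = KNOWN_MAGIC[extension]
    header = ciphertext[:len(magic)]
    for seed in range(window_start, window_end + 1):
        key = derive_key(seed)
        if keystream_xor(key, header) == magic:
            return key
    return None


def decrypt_victim_files(files: Dict[str, bytes],
                         window_start: int, window_end: int) -> Dict[str, bytes]:
    """Recover the key from any one file with a recognisable header, then apply
    it to every file, including ones (e.g. .txt) whose header is unknown.
    Raises if no key is found, which is what a victim sees once the attackers
    have fixed the flaw in a newer build."""
    key = None
    for name, data in files.items():
        ext = name[name.rfind("."):].lower()
        if ext in KNOWN_MAGIC:
            key = recover_key(data, ext, window_start, window_end)
            if key is not None:
                break
    if key is None:
        raise ValueError("no key found in window; sample may be a patched build")
    return {name: keystream_xor(key, data) for name, data in files.items()}
```

Real decryptors follow the same shape: identify the family, work out which mistake this build makes, and verify a candidate key against something known about the plaintext before touching the victim's files. The search here finishes in about a second for a one-day window; against a build that seeds from a proper random source, the same loop would never terminate, which is why an updated build renders the tool useless.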

The best defense against ransomware remains a three-pronged approach of prevention, recovery, and education. Take steps to prevent the initial infection with a multi-layered security approach: network-based AV scanning and APT protection along with host-based endpoint protection remain a must. Regularly create and test offline backups so you can recover from a ransomware infection. It is important that your backups be offline, because ransomware running on an infected host will locate and encrypt any mapped drives and networked file shares it can reach, backups included. Finally, educate your employees on how to spot phishing attempts, which continue to be the most common attack vector for ransomware. If all of these steps fail, you may still have hope with a decryption utility. – Marc Laliberte

Filed Under: Editorial Articles