What you need to know about ransomware decryption tools
Ransomware is malware that aims to trick or force its victims into paying money to get access either to their computer as a whole or to specific files on it. The form of ransomware businesses most fear is called encryption ransomware. As its name suggests, this form of ransomware encrypts files and then demands the victim pay for them to be decrypted.
Understanding the basics of a ransomware attack
Before looking at the mechanics of ransomware decryption, it’s useful to understand the mechanics of a ransomware attack. A user is tricked into visiting a compromised website or opening a malicious email attachment. This results in the encryption ransomware being loaded onto an unprotected computer or mobile device.
The ransomware encrypts some or all of the files on the machine, and the cybercriminals behind the attack then send a ransom note, usually with samples of the encrypted files to prove they are serious. The ransom note specifies how much is to be paid, in what way (usually cryptocurrency), and by when. Generally, the victim is given only a relatively short time to respond at the stated price. If they are late, the attackers may decline to respond at all, or they may increase the price.
Understanding the basics of ransomware decryption tools
Before you can decrypt a file, you need to know which form of ransomware encrypted it in the first place. The good news is that there are now ransomware recognition tools that make this much easier. These generally work by analyzing the ransom note and any encrypted files you submit to work out which form of ransomware most likely produced them. If there is more than one possibility, they will try to list the candidates in order of likelihood. Once you know which form of ransomware was used, you can check whether a decryption tool exists for it.
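To make the recognition step concrete, here is an added example (not code from the original article or from any real identification service) of the two checks such tools combine: a Shannon entropy test that tells a genuinely encrypted file from ordinary plaintext, and a scoring pass that ranks candidate families by how many independent signals (appended extension, ransom note filename, phrases in the note) match. The family names and signature table are constructed placeholders, not real malware families; a real service holds thousands of such records, but the ranking logic is the same.

```python
import math
import os
from collections import Counter

# Constructed, hypothetical signature table: placeholder family names, not real malware.
# Two families deliberately share an extension so the ranking has to break a tie.
SIGNATURES = {
    "FAMILY_A": {
        "extensions": {".lockeda"},
        "note_names": {"how_to_restore.txt"},
        "note_phrases": {"your files have been encrypted", "contact us at"},
    },
    "FAMILY_B": {
        "extensions": {".lockeda", ".lockedb"},
        "note_names": {"readme_b.html"},
        "note_phrases": {"pay in bitcoin", "decryption key"},
    },
    "FAMILY_C": {
        "extensions": {".cfile"},
        "note_names": {"recover.txt"},
        "note_phrases": {"private key will be deleted"},
    },
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or random data, far lower for most plaintext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """High entropy is consistent with encryption, but compressed formats (zip, jpeg, mp4)
    are also high-entropy, so treat this as a hint to be combined with the other signals."""
    return shannon_entropy(data) >= threshold


def rank_families(sample_name: str, note_name: str, note_text: str):
    """Score every family on three independent signals; return (family, score) best-first.
    Weights are an assumption: the note filename is the most specific signal, the extension
    next, and each matching phrase adds one point."""
    ext = sample_name[sample_name.rfind("."):].lower() if "." in sample_name else ""
    text = note_text.lower()
    scored = []
    for family, sig in SIGNATURES.items():
        score = 0
        if ext in sig["extensions"]:
            score += 2
        if note_name.lower() in sig["note_names"]:
            score += 3
        score += sum(1 for phrase in sig["note_phrases"] if phrase in text)
        if score:
            scored.append((family, score))
    scored.sort(key=lambda fs: (-fs[1], fs[0]))
    return scored


if __name__ == "__main__":
    # Constructed inputs standing in for what a victim would upload.
    sample = os.urandom(4096)                      # stands in for an encrypted file's bytes
    note = "Your files have been encrypted. Contact us at <placeholder>. Pay in bitcoin."
    print("entropy:", round(shannon_entropy(sample), 2), "encrypted-looking:", looks_encrypted(sample))
    print("candidates:", rank_families("report.docx.lockedA", "HOW_TO_RESTORE.txt", note))
```

The ranking returns every family with a non-zero score, so a shared extension still surfaces the second candidate; that is what lets a victim try more than one decryptor when the top match fails.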
The reality of ransomware decryption tools
There’s mixed news when it comes to ransomware decryption tools. The good news is that you have at least some chance of finding one that works for you, and some chance is better than none. The bad news is that you will need luck on your side, because there is a lot of different ransomware out there, and some of it is updated frequently precisely so that it can get past anti-malware tools and defeat established decryption tools.
Possibly the single biggest reason why ransomware is so hard to defeat is that it is so profitable. Bluntly, every organization that caves and pays the ransom is funding the development of more sophisticated ransomware. This means that companies really need to focus on prevention and protection rather than cure. The good news is that the steps which prevent and protect against ransomware are all good practice anyway.
Preventing and protecting against ransomware
It’s imperative that you have a robust anti-malware tool, email scanner, and firewall, and that you keep them up to date. It is equally imperative that you promptly update your operating system and every application you use. In simple terms, you don’t want to make yourself an easy target. Even the best security precautions in the world may not be enough to stop all ransomware, precisely because new versions keep being created, but you certainly want to do everything you can to block known threats.
You might also want to think seriously about restricting internet usage. The fewer sites your staff members visit, the less chance there is that they will end up on a compromised website. One option is to provide a separate “social” WiFi network they can use on their own devices. Another is to have staff nominate sites to be whitelisted: if you’re satisfied a site is safe, you can approve it, and if not, explain to the staff member why their suggestion is not being accepted.
If you have mobile users, then you need to think about how they’re connecting to the corporate network. If they’re using free WiFi then they should be going through a VPN. If this seems like too much expense or inconvenience for infrequent users, then have them use mobile data instead.
Backups stop you being pressured to pay a ransom
If you back up your data properly, then you don’t have to worry about paying a ransom. The key word, however, is properly. If you rely purely on local backups, especially automated ones, you could end up discovering that the backup process has copied the infected files into your backup system. That’s one of the reasons why you need a second copy of your data stored off-site.
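The failure described above, a backup job that faithfully copies already-encrypted files over the last good copy, can be caught before the copy happens. The following is an added example (not code from the original article or from any backup product) of a manifest check: record a SHA-256 per file at the last good backup, compare it with the current tree, and refuse to rotate the off-site copy when the fraction of changed or vanished files looks like mass encryption rather than a normal day's edits. The 30% churn threshold and the constructed file set are assumptions for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifests(previous: dict, current: dict) -> dict:
    """Diff two manifests. Renamed-and-rewritten files show up as removed + added,
    which is exactly the pattern of a file tree that has had an extension appended."""
    changed = sorted(p for p in previous if p in current and previous[p] != current[p])
    removed = sorted(p for p in previous if p not in current)
    added = sorted(p for p in current if p not in previous)
    churn = (len(changed) + len(removed)) / max(len(previous), 1)
    return {"changed": changed, "removed": removed, "added": added, "churn_ratio": churn}


def should_rotate_backup(report: dict, max_churn: float = 0.3) -> bool:
    """Only overwrite the last good copy when churn is below the assumed threshold;
    otherwise keep the old copy and raise an alert for a human to look at."""
    return report["churn_ratio"] < max_churn


def run_demo():
    """Constructed scenario: ten documents, then one normal edit, then a mass rewrite."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(10):
            (root / f"doc{i}.txt").write_text(f"quarterly report {i}\n")
        baseline = build_manifest(root)          # taken at the last good backup

        # Normal day: one document revised.
        (root / "doc0.txt").write_text("quarterly report 0, revised\n")
        benign = compare_manifests(baseline, build_manifest(root))

        # Bad day (constructed): 8 of 10 files replaced by random bytes under a new
        # extension, the state an unchecked backup job would copy off-site.
        for i in range(2, 10):
            p = root / f"doc{i}.txt"
            p.write_bytes(os.urandom(256))
            p.rename(p.with_name(p.name + ".locked"))
        suspicious = compare_manifests(baseline, build_manifest(root))
    return benign, suspicious


if __name__ == "__main__":
    benign, suspicious = run_demo()
    print("normal edit  -> churn", benign["churn_ratio"], "rotate:", should_rotate_backup(benign))
    print("mass rewrite -> churn", suspicious["churn_ratio"], "rotate:", should_rotate_backup(suspicious))
```

The manifest itself must live with the off-site copy, not on the machine being backed up, or the same malware that rewrites the documents can rewrite the hashes.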