Combating Ransomware: 5 Success Stories

Ransomware distribution has become one of the most dangerous and prolific forms of cybercrime. It is one of the greatest threats end users face and is a growing problem globally. As cyber criminals have grown more sophisticated, the quality of malware has risen. The Global Risk Report of 2016 has cited hospitals, businesses, and public institutions as more vulnerable to malware threats. The most active ransomware families now are Locky and CryptoWall.

What can stop ransomware from sabotaging people's lives? Beefing up security can offer protection against the malware getting into your systems. However, once it makes its way in, paying for the data or losing it forever is solely your choice.

How can one retrieve data that has been held hostage by malware? Comprehensive and effective data management is something that all vulnerable targets need to look to in the hour of crisis. Keeping backup copies of valuable data can weaken the determination of ransomware developers.

With organizations moving to the cloud, one cannot rely on sharing tools and cloud sync, as the files can be encrypted there as well. The encryption is replicated, and the cloud copies can be scrambled. Cloud syncing services also fail to cover all the data. This forces institutions to pay a hefty sum to have their data recovered.

Having endpoint data protection can prove to be a big step and a game changer when it comes to fighting ransomware. Making use of an appropriate system can reduce security risks. It can also boost productivity.

How can ordinary people save themselves from becoming ransomware victims? Cyber security experts have devised several steps that can at least help in mitigating or eliminating exposure to ransomware threats. The first and foremost thing to do is to use anti-virus software that is reputable and up to date. This helps in the removal and prevention of malicious files on your system. Ensure that the firewall is activated and strong. Be careful when opening email attachments. You need to keep a strict backup of your data too.

It is crucial to inform the authorities of a ransomware attack. The FBI has achieved success in fighting several ransomware samples. In 2013 it stopped Citadel, which was responsible for Reveton-style attacks. The FBI seized major networks of computers that were being utilized to infect systems with malware during the year 2014. Not bowing down to the demands of the cyber criminals is the only way their confidence can be shaken. Paying the ransom only hints that the cyber world is quite vulnerable, and that there is no way malware attacks can be brought down.

The success stories of fighting ransomware can serve as an inspiration: cyber criminal activities can be fought with a few preventative measures and with experts developing decryption tools.

Extensive research on the activities of ransomware can help in cracking down on the malware's vulnerabilities. These should be kept hidden, or the malware writers may get cautious and fix the flaws with a patch. The stronger the efforts in fighting ransomware attacks, the more the criminals are going to be deterred. Backing up files is an easy task, and filtering emails from unknown sources isn’t really hard to do. This can make ransomware businesses fade quickly as people become more alert and refuse to bow down to the demands of the cyber criminals. There are several cases in which ransomware has been fought off successfully.

  1. The LeChiffre ransomware was cracked by Fabian Wosar. This strain attacked the networks of several Indian pharma companies, making the victims lose millions of dollars. The best thing is that a decrypter is now available for this strain of ransomware. Fabian Wosar took less than a day to crack the ransomware. The decrypter can be downloaded from Emsisoft’s official website, and in the case of any queries about running the tool, help can be obtained from the Bleeping Computer support thread, where Fabian responds to all the queries.
  2. NanoLocker ransomware has also been cracked, by a Canadian security analyst. A decrypter was designed after discovering a vulnerability in the code of the ransomware. The encryption routine this malware follows is CPU-intensive, so there is a slowdown during the process. Users can reboot their system or put the device in sleep mode upon observing deterioration in performance. Rebooting can discontinue the encryption process. The security analyst tailored a program that can automatically locate the encryption file and retrieve the key needed to decode the data that has been locked. The source code can be obtained from Google Drive and GitHub.
  3. The Cisco security experts have continuously worked to monitor the TeslaCrypt ransomware and have also developed a decryption utility for this malware. This was possible when the security team figured out that the malware developers were trying to intimidate the victims by fooling around. They claimed to use the RSA-2048 encryption technique, while the experts figured out that they were making use of a primitive encryption technique. This made it possible to create a decryption tool for this ransomware.
  4. Radamant is the malware behind the attack if your files are being changed to .RDM or .RRK file extensions. Fabian Wosar has devised a decryptor for this malware that can help in recovering from the ransomware infection.
  5. CryptoLocker2015 is a poorly designed malware. Rigorous analysis by cyber security experts has revealed that the decryption key is incorporated in the malware executable itself. Reverse engineering helped the experts figure out that a patch can trick the malware into triggering the decryption process. A decryptor has been devised by Nathan Scott for this malware.

Although ransomware variants are getting more and more advanced with time and with patches being released by the developers, there is still hope, as the security firms are carrying out extensive research and refuse to bow down to the malware developers. Instead of paying the ransom blindly, the first and foremost thing to do is to bring the problem out into the open and seek help from experts who are active on forums such as Malwarebytes and Bleeping Computer.

Instead of blindly trying to fix the malware yourself, you need to get expert advice from help forums. Trying to solve the problem yourself may lead to further damage. Not everything that works for one ransomware may work with another. It is crucial to figure out exactly which ransomware you are dealing with and to find the specific tool that is available to combat that particular strain. Ransomware activities can be brought down if one is ready to apply a logical approach instead of just bowing down to the demands of the cyber criminals.
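As an added example (not code from the article or from any of the tools it mentions), the Python sketch below shows one way to start identifying a strain from the file extensions it leaves behind, using only the Radamant extensions named above. The function names and sample file names are hypothetical, and treating the oldest modification time among matched files as a hint for which backup to restore is an assumption, not a guarantee.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Extension-to-family map: only the Radamant extensions named in the article.
KNOWN_EXTENSIONS = {".rdm": "Radamant", ".rrk": "Radamant"}


def triage(root):
    """Walk root (read-only) and summarise files with a known ransomware extension."""
    per_family, per_dir = Counter(), Counter()
    earliest = None  # oldest mtime among matched files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            family = KNOWN_EXTENSIONS.get(os.path.splitext(name)[1].lower())
            if family is None:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            per_family[family] += 1
            per_dir[dirpath] += 1
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {
        "families": dict(per_family),
        "worst_dirs": per_dir.most_common(3),
        # Assumption: backups taken before this moment predate the encryption.
        "restore_before": (
            datetime.fromtimestamp(earliest, tz=timezone.utc)
            if earliest is not None else None
        ),
    }


def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("report.docx.RDM", "budget.xlsx.rrk", "notes.txt"):
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(b"constructed sample")
        os.utime(os.path.join(docs, "report.docx.RDM"), (1_450_000_000,) * 2)
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

The scan only reads file metadata, so it can be run against a mounted copy of the affected disk before any decryptor is tried.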

John: