Hacker launches ransomware rescue kit
Steady, breathe: The wrong click could turn servers to brick
Security bod Jada Cyrus has compiled a ransomware rescue kit to help victims decrypt locked files and avoid paying off crooks.
The kit sports removal tools for common ransomware variants along with guides for how to perform the necessary tasks.
Cyrus recommends users not pay ransoms as doing so sustains the criminal business model.
"You should never pay the ransom," Cyrus says. "This will only reinforce this type of attack."
The toolkit is useful for decrypting variants of CryptoLocker, TeslaCrypt, and CoinVault, which are three of the nastiest and most popular ransomware families in circulation.
System administrators caught out by ransomware without recent clean backups must first avoid panic and begin triage.
Cyrus says the affected machine must be taken off the corporate network before the form of ransomware is identified.
Images of the encrypted box should then be taken for later analysis.
It is crucial that the correct decryption tool be used for the specific ransomware variant, as the wrong tool could overwrite data or otherwise ruin the ability to decrypt it, even if the crooks are paid.
Many victims do pay ransomware scum, including local police departments which have fallen victim. The more expensive ransoms typically involve personal email contact with the bandits, who should supply the key on payment as a matter of maintaining the scams.
Doing so is of course a risk and acquiescing to ransom demands remains a vexed issue which varies with organisations' appetite for downtime.
To minimise exposure to ransomware, admins should conduct regular backups to air-gapped drives, and be aware that some ransomware will quietly encrypt and decrypt data on-the-fly for months in a bid to spoil backups.®
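One way to test whether a backup has been quietly spoiled, as an added example that is not from the article or from Cyrus's kit: restore a sample of files onto a clean machine and check that each still looks like its own file type. The function names, the entropy threshold of 7.5 bits per byte and the sample files are assumptions made for this sketch; the check assumes the files are read on a host where nothing is decrypting them on the fly.

```python
import hashlib
import math
from collections import Counter

# Well-known leading signatures for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
TEXT_EXT = {".txt", ".csv", ".log"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'ok', 'suspect' or 'unknown' for one restored file."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    if ext in MAGIC:
        # Encryption destroys the header, so a wrong signature is a red flag.
        return "ok" if data.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT_EXT:
        # Plain text has low entropy; ciphertext does not.
        return "suspect" if shannon_entropy(data) > threshold else "ok"
    return "unknown"  # no rule for this type: verify by opening it

def scan(files: dict) -> list:
    """Names of restored files that look encrypted, sorted."""
    return sorted(n for n, d in files.items() if check_file(n, d) == "suspect")

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content (hash output only)."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:size]

# Constructed sample "restore" for the demonstration.
SAMPLE = {
    "invoice.pdf": b"%PDF-1.4\n" + b"constructed sample body\n" * 50,
    "payroll.pdf": fake_ciphertext(b"a"),
    "notes.txt": b"weekly backup checklist, constructed sample text\n" * 80,
    "customers.csv": fake_ciphertext(b"b"),
    "disk.img": fake_ciphertext(b"c"),
}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Compressed or legitimately encrypted archives also score high on entropy, which is why the sketch applies that test only to plain-text types and reports everything else as unknown.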