Web portals: Free help for ransomware victims for six years
With a bit of luck, you can find information about free decryption tools for some ransomware trojans on the ID Ransomware and No More Ransom websites.
Encryption Trojans are still extremely popular in the malware scene. With malware such as Locky and REvil, cyber criminals have extorted hundreds of millions of euros in ransom worldwide. But sometimes the developers of the Trojans make mistakes and security researchers develop free decryption tools on this basis.
If a blackmail Trojan strikes, it encrypts files and demands a ransom. The criminals only want to hand over the key for the files when the payment is made. According to a Sophos report earlier this year, 46 percent of companies surveyed worldwide pay the ransom. In Germany, that’s an average of more than 250,000 euros for companies.
The two portals ID Ransomware and No More Ransom were launched in 2016 so that victims could find out whether there was a suitable decryption tool. Behind ID Ransomware are security researchers from the MalwareHunterTeam, who are well connected in the ransomware scene. Europol and Kaspersky, among others, are responsible for the No More Ransom portal.
Find decryption tool
With ID Ransomware, you can find out if there is already a decryption tool. To do this, you have to upload an encrypted file or the ransom note encrypted via TLS to the service. The operators assure that if results are found, the files will be deleted immediately after the analysis. The service now recognizes over 1,000 different blackmail Trojans – and the trend is rising. After the analysis, you know which Trojan has struck and whether there is already a decryption tool.
No More Ransomware now offers over 100 such tools for download. These are created by developers from Bitdefender, Emsisoft and F-Secure, among others. In the portal you will find, among other things, tools to free files from the clutches of Babuk, Lockfile and REvil. Encrypted files for analysis can also be uploaded to this portal.
Unfortunately, the malware developers keep making improvements and some tools no longer work with current versions of the Trojans. Those affected should definitely try such tools.
prevention
In order to protect yourself and your data, you should make regular backups and not save this data on a hard drive connected to the computer or on a network drive. The encryption Trojans don’t stop there either.
To prevent infection, you should never click on links in emails or open file attachments without thinking. Ransomware usually gets onto PCs using fake Office documents. The mails are often done quite convincingly and the document says you have to enable macros to read it. But the macros download the Trojan.
You should also make sure that all software is up to date so that criminals cannot exploit security gaps.