Waiting for a free decryption tool is not the right way to deal with a ransomware attack
Ransomware is still claiming countless victims. Law enforcement and security companies are doing everything they can to help users recover their files without paying ransom, but these efforts should not be taken for granted or expected for every piece of file-encrypting malware. In fact, only about 10% of all ransomware families can be decrypted, and these efforts often take months, or even years, to come to fruition. Taking precautions to prevent infection and ensure easy recovery is still the best choice.
A while ago, a QNAP network-attached storage (NAS) device belonging to a software developer fell prey to a ransomware attack. The owner paid about $700 to restore his files. Then, he hacked the cybercriminals’ command and control server, got the decryption keys for almost 3,000 victims, and released them.
The developer’s story is extraordinary because it reveals the gravity of the ransomware menace and shows how far some victims go to fight it. Hacking back is illegal in most countries, and it is rare for the keys required to build a decryption tool to be released for free.
Cybersecurity companies and law enforcement are fighting side by side against this phenomenon, and the results are impressive. The No More Ransom project, in which Bitdefender is actively involved, has created more than 89 decryption tools to restore files encrypted by over 109 variants of ransomware. This has spared at least 200,000 individuals from paying a combined $108 million in ransom.
These figures are from July, when Bitdefender created a decryption tool for the infamous GandCrab. More such utilities have emerged since, so the estimates are conservative. These efforts are admirable but they generally take longer to yield results than victims are willing to wait.
In the end, ransomware victims who have not taken action to avoid infection or to render the threat ineffective are left with three choices, none of them trouble-free: kiss the encrypted files goodbye, wait indefinitely for a decryption tool to emerge, or pay the ransom.
Giving up the files is, in most cases, the worst outcome. NAS devices are used mostly for storage and can hold terabytes of data. Businesses and individual victims want to save at least part of that data. A decryption tool may become available but the wait may be lengthy.
Paying ransom, though, fuels the cybercriminal business. It remains an option for every victim, and authorities cannot force anyone not to pay. Still, both the cybersecurity and law enforcement communities strongly advise against ransom payments.
For the moment, network-attached storage (NAS) devices are a common ransomware target in the IoT space. This may change, though. According to a survey of managed service providers (MSPs), 54% of them believe this threat will switch focus to smart systems such as wearables, medical devices and self-driving cars.
Preventing the infection is the best course of action against ransomware, yet this is not always possible. The No More Ransom project offers advice on additional steps that would render a ransomware infection ineffective, including backing up files in a safe location, such as an offline storage device, in case disaster hits.
Image credit: TheDigitalArtist