Over the course of 2015, many individuals and companies have been affected by ransomware. While this may have nothing to do with Bitcoin at first glance, there have been a few cases where the ransomware could only be removed by paying a certain fee in Bitcoin. But those days may be over now, as a decryption toolkit for various types of ransomware has been made publicly available, free of charge.
CryptoLocker and CoinVault Ransomware
Two types of ransomware making headlines all across the world in recent months are called CryptoLocker and CoinVault. Both operate in the same way: they infect a computer as soon as an unsuspecting user clicks an unknown link or opens an attachment sent via email. This is how most types of malware, viruses and ransomware have been distributed for years now.
One of the reasons these types of ransomware are incredibly dangerous is that they encrypt any file on your computer that matches a certain file extension. Whether it is a photo, a document, a saved bookmark or even an executable file, it will be off-limits to the end user unless they pay the ransom. Hence the term ransomware.
To regain access to your files, you will need to enter a decryption key. That is easier said than done, as there is no universal decryption key for these types of ransomware. Every infected device requires a uniquely generated decryption key, making it very hard for security experts to counter these types of attacks.
While most major companies affected by either CryptoLocker or CoinVault have a dedicated team of IT specialists at their disposal to recover the files from a backup, the story is quite different for individuals. Most of them will pay the requested fee – in Bitcoin – to regain access to their private files. Needless to say, this is not putting Bitcoin in a positive light, even though it has no direct ties to the ransomware or its creators.
A Potential Ransomware Solution
Multiple bright minds have been working on a solution to combat ransomware, yet it is not an easy task. Because every infection is different – and also requires its own unique decryption key – it is difficult for security experts to find a cookie-cutter solution. However, all of these decryption keys are generated by a certain algorithm, and once that has been cracked, the story changes dramatically.
It may come as a surprise that a solution has been made available to the public at no cost. Jadacyrus – a pseudonym for an unknown individual or group – created a decryption toolkit that allegedly would be able to break the ransomware encryption. Even though there are multiple versions of ransomware available, this toolkit should be able to decrypt most infections by CryptoLocker, CoinVault, TeslaCrypt and others.
That being said, it is important to note this toolkit is aimed at security researchers and system administrators, rather than individual users. The source code of this toolkit – called Ransomware Response Kit – can be found on Bitbucket, yet it has not been integrated into an easy-to-use interface for the everyday consumer.
Furthermore, the Ransomware Response Kit does not contain any new tools or features to combat ransomware infections. Jadacyrus has opted to collect the most common anti-ransomware tools into one platform, which should make it easier for the end user to pick the right tool for their type of infection.
But there is a word of warning from Jadacyrus as well. Any infected system should be removed from the network before attempting to break the ransomware encryption. Once that step has been completed, the user should be able to identify which type of ransomware is present on their device, and then use the toolkit to rectify the situation. However, no success rates have been provided at this point.
Even though this project sounds like a great tool, there is no guarantee your ransomware infection can be fixed. Ransomware developers are constantly making changes to their software, which causes additional headaches for security experts. Jadacyrus will try to keep the Ransomware Response Kit updated as often as possible though.
Source: Tweakers