Can Paying For Ransomware Be Avoided?

Ransomware is one of the largest and most recent threats to take over the world, and should be respected as well as feared. The number of ransomware attacks rises as the months go by, simply because it is so profitable for the malicious user. By targeting companies and unsecure individuals, hackers can literally hold their systems to ransom for an anonymous payment.

Ransomware is simple and elegant; malware installed onto a system which encrypts the users drive, and needs a payment to remove. This type of malware is gained in the same way any other malware is, through phishing or bundled downloads. Once the malware is on the system, a fake message usually pops up to avoid the user turning off the computer. This usually happens in the form of the famous ‘blue screen’ with a % loading at the bottom. Ransomware takes hold of any infected computer by peoples’ desire to save their system by not interrupting the error reporting.

Once the ransomware has fully encrypted the system, a screen appears with the ransom amount and target account or wallet. Historically, this amount goes up every day or few days, and can end up costing many thousands to remove. If your computer is infected with ransomware, then fixing it sooner rather than later is always the best option.

For anyone confused as to how the encryption cannot simply be decrypted; ransomware with newer strains does not have a public decryption key like the older ones such as Locky. Most modern ransomware used 128bit military AES encryption, which would take more than the lifetime of our Earth to decrypt with a single computer. Encryption is not password protecting, it is scrambling of all data.

As a result of this, ransomware is very easily to get rid of, but incredibly hard to recover data from. The scrambling of drives is not irreparable, but without an encryption key it is virtually impossible to restore data to its previous state.

Fortunately for everyone, there are a few ways you can avoid paying for ransomware. The first method is by far the safest, easiest, and most reliable; restore from a backup. Backups are the first line of defence against malware and ransomware in 2017, and your system should always be backed up to a remote location. If your business or home uses a backup service, the entire recovery process can be done within an hour, with no further steps needed. It can’t be stressed enough that backups are the best option for protecting data.

The next favourite option is to see if there is a public decryption key available for the specific strain on the system. Older versions of ransomware have been fully discovered, and systems can be decrypted by free, open source programs. Unfortunately, most ransomware is a different strain of a hierarchical group, meaning a different encryption/decryption key.

One less known option to avoid paying for ransomware is through the use of a virtual wallet; faking a BTC transfer to the host wallet and receiving a decryption key. Surprisingly, this has been shown to have some success; the target BTC wallets send a key on access, not on validation. Of course, this option is risky as the malicious user may notice and deny access fully, but as a last resort it is worth a try.

The final option is to simply wipe the computer, something which no ransomware can disable. This is the last ditch resort, as all data will be lost, but if there is nothing truly important on the system, it can be better than paying.

Remember, the only true way to avoid paying ransomware is to have all data backed up remotely. Preparation is key.