
Kroll Ontrack has identified over 225 different strains of ransomware and developed a set of solutions to restore data and eliminate payments in the event of an attack.

Research suggests payments to ransomware criminals jumped to nearly $1 billion in 2016, with no end in sight as businesses and individuals continue to pay up. Ransomware is a type of malware that blocks access to data on a device or server by encrypting it. In working with enterprises affected by ransomware, Kroll Ontrack has identified over 225 unique strains and its engineers have defined decryption processes for over 80 of those variants.

While anyone with a computer or a connected device can be the target of ransomware, corporations are often hit the hardest. Not only is an infected company charged an exorbitant ransom to have its data returned, it also faces financial losses due to downtime. Those most at risk include healthcare organisations, financial institutions and government bodies. To mitigate the damage caused by ransomware, Kroll Ontrack has developed a set of solutions to quickly recover the ransomed data by other means, eliminating the need to pay the criminals behind the attacks. These solutions include:

  • Software and tools to decrypt ransomed data. There are several methods used to decrypt different strains of ransomware – Kroll Ontrack has identified over 225 strains and defined decryption processes for over 80 of them.
  • Knowledge and experience in data recovery to find unencrypted copies of ransomed data and restore or rebuild what is found. If there are no decryption processes or software able to decrypt a ransomware variant, Kroll Ontrack uses its proprietary data recovery tools to search for unencrypted copies of the data. 

Robin England, Senior Research & Development Engineer at Kroll Ontrack, said: “At Kroll Ontrack we do not recommend paying the ransom. Many victims who pay their attackers never receive their data in return and can lose hundreds or even thousands of pounds. The best solution is to restore data from a backup.

“Ransomware developers know this and in an effort to keep the money coming in, new ransomware variants are being developed that now target those backups. This is why it is important to have a good backup and recovery plan, be diligent in testing backups and educate users on what a potential ransomware attack can look like.”

Those individuals and enterprises who are most at risk should take precautions to reduce their risk and lessen the effects of an attack. Below is a list of steps they can take:

  • Never pay the ransom because attackers may not unlock your data. There are many cases of ransomware victims paying the ransom demanded and not receiving their data back in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to data by reverse engineering the malware.
  • Create and follow a backup and recovery plan. Ensure that the plan includes storing the backups offsite.
  • Be prepared by testing backups regularly. Organisations must be familiar with what is stored in backup archives and ensure the most critical data is accessible should ransomware target backups.
  • Implement security policies. Use the latest anti-virus and anti-malware software and monitor consistently to prevent infections.
  • Develop IT policies that limit infections on other network resources. Companies should put safeguards in place so that if one device becomes infected with ransomware, the infection does not spread throughout the network.
  • Conduct user training, so all employees can spot a potential attack. Make sure employees are aware of best practices to avoid accidentally downloading ransomware or opening up the network to outsiders.