The Irreversible Effects of Ransomware Attack

Ransomeware

It’s an unhappy fact: In most cases, once ransomware executes in your environment, it’s essentially “game over” for the affected data. That’s one of the conclusions of the new CrowdStrike white paper, “Ransomware: A Growing Enterprise Threat.”

Here’s an excerpt from the report:

While ransomware circa 2006 was using 56 bits with “homebrewed” encryption, today’s most advanced versions utilize AES symmetric algorithm and RSA or ECC public-key encryption. In a few isolated instances, security researchers have found weaknesses in certain ransomware variants’ encryption techniques, allowing development of “one-off” tools allowing victims of that particular variant to recover files. However, these tools can’t crack the underlying encryption used by the ransomware. They’ve just taken advantage of coding errors or sloppy encryption key management by criminals in order to create limited-use solutions for victims. Many ransomware families often do make these ‘rookie’ mistakes, but most of the bugs/vulnerabilities are usually addressed quickly after researchers identify them.

As a result, there is no universal roll-back tool for recovering data locked down by ransomware.

In the vast majority of cases, once that data has been hit by ransomware, there’s no reversing the encryption. Unless an organization has fool-proof backups, which themselves are often are the first target of ransomware, their only recourse is to pay the extortionists. In fact, cryptoransomware has become so exceptionally effective at holding data hostage that some officials have been heard recommending that victims pay the ransom in the absence of backups.

Conclusion: Knowledge is power. Understand the facts behind ransomware so you can best prepare and protect against it.Download the white paper to learn more about best practices and practical measures you can take to defend your organization’s data from the growing threat of online extortion.