DATA RECOVERY AFTER RANSOMWARE THAT ENCRYPTS FILES [source: digitalforensics]

The problem of recovering data after file-encrypting ransomware has grown, with more and more cases recently. Helping in these cases is not a trivial task.

Let’s consider some aspects of this problem. Ransomware usually encrypts the most-used data, such as photos, videos, office files, databases, etc. Different ransomware can give encrypted data different extensions, but it can be considered the same mechanism, using similar algorithms.

Files are encrypted with cryptographic algorithms. The keys consist of a public key and a private key. The public key is generated on the victim’s PC, while the private key is kept secret and only the perpetrator of the fraud knows it. The combination of public key and private key is unique to each case. It’s impossible to decrypt the data without the private key. Solutions offered by well-known anti-virus developers are likely to focus on finding the private part of the key, by brute force or special heuristic analysis.

We haven’t had practical experience of paying to obtain decoder software, but our customers state that they have had such experiences. Let’s set aside the moral side of this problem, such as whether to pay or not to pay. It’s obvious there’s no need to encourage malicious users, but everyone has their own view as to the importance of their data.
