Research suggests payments to ransomware criminals jumped to nearly $1 billion in 2016, with no end in sight as businesses and individuals continue to pay up.
Ransomware is a type of malware that blocks access to data on a device or server by encrypting it. In working with enterprises affected by ransomware, Kroll Ontrack has identified over 225 unique strains and its engineers have defined decryption processes for over 80 of those variants.
While anyone with a computer or a connected device can be the target of ransomware, corporations are often hit the hardest. Not only is an infected company charged an exorbitant ransom to have its data returned, it also faces financial losses due to downtime.
Those most at risk include healthcare organisations, financial institutions and government bodies. Kroll Ontrack has developed a set of solutions to recover the ransomed data by other means, eliminating the need to pay the criminals behind the attacks, including:
•Software and tools to decrypt ransomed data. There are several methods used to decrypt different strains of ransomware – Kroll Ontrack has identified over 225 strains and defined decryption processes for over 80 of them.
•Knowledge and experience in data recovery to find unencrypted copies of ransomed data and restore or rebuild what is found. If there are no decryption processes or software able to decrypt a ransomware variant, Kroll Ontrack uses its proprietary data recovery tools to search for unencrypted copies of the data.
Robin England, Senior Research & Development Engineer at Kroll Ontrack said: “At Kroll Ontrack we do not recommend paying the ransom. Many victims who pay their attackers never receive their data in return and can lose hundreds or even thousands of pounds. The best solution is to restore data from a backup.
“Ransomware developers know this and in an effort to keep the money coming in, new ransomware variants are being developed that now target those backups. This is why it is important to have a good backup and recovery plan, be diligent in testing backups and educate users on what a potential ransomware attack can look like.”