
How to recover encrypted data from viruses with No More Ransom

An initiative created by law enforcement authorities and security firms explains in simple terms what to do if your system suffers a ransomware attack.

In recent months, we have witnessed considerable growth in the ransomware phenomenon, and the reasons are clear. Ransomware is malicious software that is not too difficult to implement and that lets a would-be attacker infect a computer in a particularly direct way. After locking the files on a system, the ransomware demands a ransom to restore access to that content. This type of software has been used to target particular companies (taking advantage of the naivety of some employees), as well as private hospitals.

To respond to the growing spread of this type of malware, law enforcement authorities and security firms have joined in an initiative whose sole purpose is to protect victims of ransomware by allowing them to recover their own files without paying any ransom. The project is called No More Ransom and brings together forces such as Europol, the Dutch National Police, Intel Security and Kaspersky Lab, which created a portal to provide, whenever possible, keys to unlock the encrypted files.

At launch, NoMoreRansom.org contains four tools to unlock 20 different ransomware families, including the widely abused CryptXXX, which encrypts files on the system and on all connected storage devices, in addition to stealing any cryptocurrency funds and sending sensitive data to the cybercriminals. But ransomware is also a problem of "education", since however powerful these types of malware are, they require some type of user interaction. Those who know the causes and effects of the infection usually do not fall victim to a crypto virus.

On the site we find not only tools to decrypt files, but also advice on actions to take to prevent infection and tools that allow you to identify any suspicious files. The general advice is still not to pay the ransom in any case, because full recovery is often not guaranteed and the payment would encourage other criminals to do the same.

How to recover data encrypted by a crypto virus with No More Ransom

To recover data encrypted by a crypto virus with No More Ransom, simply point your browser to this address, the portal, and click the Yes button. If you press No, you will reach a page of recommendations to follow to avoid becoming the victim of a potential ransom demand. After pressing Yes, you must identify the type of ransomware that has hit your computer among the four families available and their different variants, and download the specific tool. Before carrying out any operation, you are encouraged to read the relevant guide on the same site.

On the portal, at the time of this writing, we find:

  • Coinvault, for the CoinVault and Bitcryptor ransomware campaigns: guidance on the use of the tool.
  • RannohDecryptor, effective against Rannoh, AutoIt, Fury, Crybola, Cryakl, CryptXXX: guidance on the use of the tool.
  • RakhniDecryptor, to defeat infections by Rakhni, Agent.iih, Aura, Autoit, Pletor, Rotor, Lamer, Lortok, Cryptokluchen, Democry, Bitman (TeslaCrypt): guidance on the use of the tool.
  • ShadeDecryptor, which can decrypt files with the extensions .xtbl, .ytbl, .breaking_bad, .heisenberg: guidance on the use of the tool.

As we wrote earlier, among the tools offered on the site there is also Crypto Sheriff, which identifies the type of infection that hit your computer. Crypto Sheriff is located at this address, and its use is very simple: just send two files encrypted by the malware, together with the text contained in the ransom demand, to obtain information on the type of ransomware that was installed on your computer. Once you have acquired this information, you can use it to download the specific tool from among those present on the portal.

Within the project, ShadeDecryptor was also released, developed after the authorities seized the command and control server that was used to store keys for the ransomware. The keys have been shared with Kaspersky Lab and Intel Security, who have collaborated to develop over 160,000 keys that Shade victims can use to recover their data without having to pay anything to the cybercriminals who caused the infection on the system.

It is this kind of success that has shown how important cooperation between law enforcement agencies and computer security firms is in this type of attack, said Europol. The No More Ransom site will be continuously updated with additional information on new threats, and other security firms can join (or rather, they are invited to do so) to help provide advice and tools for victims of ransomware.