Who will restore encrypted corporate data? Nobody will

[harlan4096]

Who will restore encrypted corporate data? Nobody will

As yesterday’s incident with Norway’s Norsk Hydro company shows, the ransomware threat is far from being dead, and not everyone is protected. One possible reason is the common belief that in case of an incident their data can be restored, if not by internal IT specialists, then by some external security experts — or, as a last resort, by the cybercriminals responsible (in exchange for ransom). And oh yes, a lot of companies promise to decrypt data. But sometimes employing such companies is actually worse than to paying cybercriminals.

Why is it a bad idea to employ companies that give a 100% guarantee of decryption?

When you start searching for information about encrypting ransomware, you start seeing a lot of advertisements from companies promising to recover data, no matter what. On their websites, as a rule, you can find wordy explanations for why you should not pay attackers, as well as fairly inventive descriptions of decryption methods. These sites often look quite convincing. But there is one catch.

You see, modern encryption algorithms are designed such that anyone can turn important information into a meaningless set of characters, but only the one who has the key can restore everything. In other words, if the attackers made no mistakes, no one else will be able to decrypt those files — neither your system administrator nor a global IT security giant.

So anyone talking about absolute guarantees of decryption a probably lying. As late as last year, our colleagues identified one such company. As it turned out, the company demanded considerable sums of money from victims for “decryption services” and at the same time negotiated with the attackers to get decryption keys at a discount. As a result, the victims not only paid the attackers, but also funded third-party fraudsters. 

Continue Reading