There has been some better news for SMEs recently: antivirus researchers have been able to crack the codes of two ransomware attackers and give vulnerable business owners back possession of their records and files.
But they also warn that the race is never won, and new variants and upgraded malware appear frequently.
The insurance industry has responded to current and future threats by launching Cyber Crime Insurance – for more details on these products, contact RDi for a confidential discussion.
The website CSO (http://www.cso.com.au), a resource for data security executives, reports:
Security researchers have released tools this week that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.
PowerWare, also known as PoshCoder, was first spotted in March, when it was used in attacks against healthcare organizations.
Researchers from security firm Palo Alto Networks have recently found a new version of this threat that imitates a sophisticated and widespread ransomware program called Locky. It uses the extension .locky for encrypted files and also displays the same ransom note used by the real Locky ransomware.
Luckily, PowerWare is nowhere near as strong as the ransomware programs it impersonates, which allowed the Palo Alto researchers to create a decryption tool that should work at least for this latest variant.
Also this week, researchers from antivirus firm AVG managed to crack another ransomware program called Bart that first appeared in June. This threat is notable because it locks files inside password-protected ZIP archives instead of using sophisticated encryption algorithms.
Bart infections are easy to identify because the affected files will have the extension .bart.zip appended to their original name and extension — for example document.docx will become document.docx.bart.zip.
AVG researchers have figured out a way to guess the key using brute-force methods. Their Bart decryption tool requires the user to have at least one unaffected copy of a file that has been encrypted.
The program compares the original version of the file with the archived and password-protected version and then proceeds to guess the password. But they warn that the process can take up to several days.
While it’s great that security researchers sometimes find implementation flaws in ransomware programs and manage to create free decryption tools, malware authors are usually quick to fix their errors. A tool that works for one variant of a particular ransomware program might not work for the next one. Preventative measures, coupled with insurance should the worst occur, are the best approach.
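The article says Bart-affected files carry the .bart.zip extension and that the decryption tool needs at least one unaffected copy of an affected file. The following is an added triage example, not code from AVG, CSO or this site: it lists affected files and looks for a same-path copy in a clean tree such as a restored backup. The function name, the two directory arguments and the size comparison are assumptions made for illustration.

```python
import sys
import zipfile
from pathlib import Path

SUFFIX = ".bart.zip"  # extension the article says Bart appends


def triage_bart(affected_root, clean_root):
    """List *.bart.zip files and any same-path copy in a clean tree.

    affected_root / clean_root are assumed directory layouts (for example
    a file share and a restored backup); they are not from the article.
    """
    affected_root, clean_root = Path(affected_root), Path(clean_root)
    rows = []
    for arc in sorted(affected_root.rglob("*" + SUFFIX)):
        original_name = arc.name[: -len(SUFFIX)]
        if not arc.is_file() or not original_name:
            continue
        rel = arc.relative_to(affected_root).with_name(original_name)
        row = {"archive": str(arc), "original": str(rel),
               "encrypted": None, "clean_copy": None, "size_match": None}
        try:
            # The ZIP central directory is readable without the password.
            with zipfile.ZipFile(arc) as zf:
                infos = zf.infolist()
        except (zipfile.BadZipFile, OSError):
            infos = []  # right extension but not a readable ZIP: still listed
        if infos:
            # General-purpose flag bit 0 marks a password-protected entry.
            row["encrypted"] = any(i.flag_bits & 0x1 for i in infos)
        candidate = clean_root / rel
        if candidate.is_file():
            row["clean_copy"] = str(candidate)
            if infos:
                # Heuristic only: an entry with the same uncompressed size
                # suggests the copy is the same version of the file.
                size = candidate.stat().st_size
                row["size_match"] = any(i.file_size == size for i in infos)
        rows.append(row)
    return rows


if __name__ == "__main__" and len(sys.argv) == 3:
    for r in triage_bart(sys.argv[1], sys.argv[2]):
        print(r)
```

Rows with a clean copy and a size match are the candidates to supply as the unaffected file; the script only reads metadata and does not attempt any password recovery.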
For the original article and links to the decryption tools, click here.
For more on preventative measures click the link.