The success of ransomware means the number cyber criminals are looking to cash in on the file-encrypting malware appears to be ever increasing, whether they build it themselves or buy it from distributors in underground online marketplaces.
With new ransomware variants appearing all the time – recent new discoveries include PrincessLocker and Defray – and malicious developers continually updating tried and tested ransomware families such as Locky, it can be difficult for the average user to understand what they’ve been infected with should they fall victim to an attack.
Especially, as one recent report claims, there’s been a 750 percent increase in ransomware families since 2015.
In order to help victims Bitdefender has released a free software suite that identifies which family and sub-version of ransomware has locked the victim’s data and leads them to the appropriate decryption tool – if it exists.
The Bitdefender Ransomware Recognition Tool analyses the ransom note and the encrypted file samples to identify the strain of ransomware and suggest a decryption tool based on indicators of confidence. If the ransomware has an associated decryption tool, the platform provides a link to it in order to allow the victim to retrieve the files for free.
“Ransomware has become one of the most prolific criminal businesses to date. The immediately payoff and the huge amounts of money have made ransomware a very common occurrence,” Bogdan Botezatu, Senior e-Threat Analyst at Bitdefender told ZDNet.
“Our new tool aims at helping as many people get back their data without paying for the ransom in order to minimise the impact on the user, as well as to minimise the profitability of such businesses”.
While also involved with No More Ransom – the collaborative partnership involving law enforcement and cyber security firms coming together to provide a decryption tool portal for ransomware families – Bitdefender wants to reduce the number of steps victims need to take before getting their hands on a decryption tool.
“Bitdefender Ransomware Recognition wants to be a standalone tool that does the identification and then automatically downloads the proper decryption tool, if one is available. We plan to release more decryption utilities in the near future in order to cover all potentially decryptable infection case,” said Botezatu.
However, one of the reasons ransomware is so successful is because the crytography behind the more sophisticated families is hard to crack – which means researchers aren’t able to break them down and reverse engineer them to create a decryption tool.
Ransomware has grown to become one of the most high-profile information security threats and a recent report by Europol warns how the likes of WannaCry demonstrate how it’s eclipsing other forms of online crime.