Ransomware is one of the hottest topics in IT, data and internet security, and it has gained momentum over the last several months. More users, both at home and in companies, are now targeted than ever before. The question is: when a computer is infected, is there a chance of regaining the precious data without paying the ransom? Can the user, the company's IT staff or professional data recovery specialists like Kroll Ontrack retrieve the data?
Different kinds of ransomware
With ransomware like Petya, CryptoLocker or TeslaCrypt being a big topic in the news, it is easy to forget that ransomware is not really a new development. For several years now, viruses, Trojans and other malware have been sent out indiscriminately over the internet to contaminate a computer, block it or its files, and demand a ransom from the victim. All ransomware is based on the idea of manipulating either hardware or software and files in order to demand ransom money. The three main types of ransomware are:
- Scareware
Scareware is the simplest form of ransomware. These are fake applications or programs that mostly pose as antivirus or clean-up software. They claim to have found dangerous viruses and demand that the user pay to have them removed. Since in most cases no real viruses or ransomware are installed on the hardware, they can be removed quite easily. Otherwise they bombard the user permanently with nerve-racking pop-ups or alert windows.
- Lock-screen viruses
Lock-screen viruses are the second most dangerous type of ransomware on the scene. Once a machine is infected, they lock the user's computer: after the OS starts up, a full-size window displays a message that a cybercrime was perpetrated on this PC, and the computer cannot be used. To unlock the computer again, the user is told to pay a certain amount of money. In most cases the user data itself is not affected or infected, and the computer (when unlocking tools for this specific virus are not available) can be “cleaned” by reinstalling the OS. Apparently all data is lost after that … Data recovery experts can most likely help to regain the data in those cases by using specialized tools.
- The new encryption ransomware
The new ransomware versions are the most dangerous ones. Even though there are more than 45 different ransomware versions out there so far, they all operate in the same way. After gaining access to the victim's computer, mostly by being activated by the user himself when he opens an email attachment such as a Word or Excel file, they infiltrate the computer's data and file structure and encrypt every file and folder on the computer. Additionally, several ransomware versions are also able to contaminate other computers and servers that are connected via a network.
Those are the most dangerous ones for companies, since a single employee with an open internet connection or a dangerous email attachment can contaminate a whole company, bringing business to a halt.
Are computer users and companies alike able to recover encrypted and hijacked data themselves?
In all cases the answer is: It depends! For the two less complex ransomware versions, which have been on the scene for a long time now, there are several how-to guides and websites available for regaining access to both the hijacked computer and the encrypted data.
In several cases the solutions offered might work, but one danger still remains: what if the data is destroyed or corrupted by using these tricks? Then even the best data recovery expert can't help anymore. This is a risk that a company, or even an individual, without a current backup should not take.
Are data recovery experts able to counter encryption ransomware?
The honest answer is: It depends on each and every specific situation and case.
Since ransomware became widespread, Kroll Ontrack data recovery engineers, for example, have solved a wide variety of ransomware cases involving encrypted files. Out of this experience, the software engineers from the research and development department developed several new tools to regain access both to infected drives and to encrypted files. For most of the nasty ransomware viruses now in circulation, Kroll Ontrack has either the tools or the knowledge and processes to recover the data from infected hardware.
Even though Kroll Ontrack is able to recover data encrypted by, for example, such well-known ransomware as Petya-Mischa, TeslaCrypt, AutoLocky and DMALocker and its variants, it is still a difficult task, and the outcome depends highly on the specific case and situation.
Therefore it is best practice when struck by ransomware, especially in a company environment, not to do anything and to consult a data recovery service provider like Kroll Ontrack immediately.
But even though data recovery experts are most likely capable of recovering data that was encrypted by ransomware, the best weapon against any form of ransomware is being fully protected. In these times, when ransomware is spreading like mosquitoes in warm weather, it is wise to protect yourself and your data against a possible attack even if you have not been hit so far. Tips on protecting yourself can be found here.