Ransomware is one of the hottest topics in IT, data and internet security and it has gained momentum over the last several months. Now more users – in the comfort of their homes and companies alike – are the biggest targets. The question is, when a computer has an infection, is there a chance for regaining the precious data without paying the ransom? Can the user or the company’s IT staff themselves or professional data recovery specialists like Kroll Ontrack retrieve the data?
What are the different kinds of Ransomware?
With ransomware like Petya, CryptoLocker or TeslaCrypt being a big topic over the news it is easy to forget, that ransomware is not really a new development. For several years now, viruses, Trojans and other malware have been infecting computers and blocking it or its files and demanding a ransom from the victim. All ransomware is comes from the idea to manipulate either hardware or software and files in order to ask for ransom money. The three main types of ransomware are:
Scareware is the simplest form of ransomware. These are fake applications or programs that mostly come as fake antivirus or clean-up software. By using these tools they claim to have found dangerous viruses and in order to remove them demand the user to pay for it to fix it. Since in most cases, real viruses or ransomware do not install on the hardware, they removable. Otherwise they bombard the user permanently with nerve-taking pop-ups or alert windows.
Lock-screen viruses are the second most dangerous ransomware types on the scene. When causing infection, they lock the user´s computer, display a full-size window with a message that there was a cyber crime on this PC after the OS starts up and the computer is unusable. To unlock the computer again the user should pay a certain amount of money to unlock it. In most cases, this is no affect on the user data or the computer – when unlocking tools for this specific virus is not available – it can help to reinstall the OS. Apparently, all data will be after that … Data recovery experts can most likely help to regain the data by using specialized tools in those cases.
The new encryption ransomware
The new ransomware versions are the most dangerous ones. Even though there are more than 45 different ransomware versions out there so far, they all operate in the same way. After gaining access to the victim´s computer – mostly due to the user opening an email attachment like a Word or an Excel file – they infiltrate the computer´s data and file structure and encrypt every file and folder on the computer. Additionally, several ransomware versions are also able to contaminate other computers and servers that are using a network connection.
Those are the most dangerous ones for companies since only one single employee with an open internet connection or dangerous email attachment can contaminate a whole company, putting business to a halt.
Can computer users recover encrypted data themselves?
In all cases the answer is: It depends! For the two less-complex ransomware versions, which have been on the scene for a long time now – there are now several how-to guides and websites available for regaining access to both the hijacked computer as well as the encrypted data.
In several cases the solutions offered might work, but one danger still remains: what if the data is destroyed or corrupted by using these tricks. Then even the best data recovery expert can´t help anymore. This is a risk a company and even an individual without any current backup should not take.
Are data recovery experts able to counter-strike encryption ransomware?
The honest answer is: It depends on each and every specific situation and case.
Since the widespread of ransomware Kroll Ontrack data recovery engineers, for example, have solved a big variety of ransomware cases with encrypted files. Out of this experience the software engineers from the research and development department developed several new tools to both regain access to infected drives as well as to encrypted files. For most of those nasty ransomware viruses now available, Kroll Ontrack has either the tools or has the knowledge and the processes to recover the data from infected hardware.
Even though Kroll Ontrack is able to recover data encrypted for example by such famous ransomware like Petya-Mischa, TelsaCrypt, AutoLocky and DMALocker and its variants, it is still a difficult task and the outcome depends highly on the specific case and situation.
Therefore it is best-practice – when struck by ransomware and especially in a company environment – not to do anything and consult a data recovery service provider like Kroll Ontrack immediately.
But even though data recovery experts are most likely capable of recovering data which was encrypted by a ransomware – the best weapon against any form of ransomware is being fully protected. In these times where ransomware is spreading like mosquitoes in warm weather, it is wise to protect yourself and your data against a possible attack even if it wasn´t hit so far. Tips on protecting yourself can be found here.
Michael Nuncic is Marketing Communications Manager at the German Ontrack Data Recovery office in Böblingen for more than 5 years. Highly experienced in computer, network and software topics, he is a professional editor for blog and technical articles for almost 20 years now.