Ransomware remains one of the most common types of cyberattack and is highly lucrative for threat actors, according to digital forensics specialists. Although the organizations and individuals who fall victim to these infections often have appropriate security measures in place, a slight oversight is enough to let the malware into the target system.
In addition, a ransomware infection can be disastrous, as the victim might not have backups of the encrypted information. This would force them to negotiate with the attackers, although there is no guarantee that the criminals will hold up their end of the deal and restore access to the information.
Fortunately, multiple independent researchers and digital forensics firms have thoroughly analyzed the known variants of encryption malware, and have even succeeded in developing tools to remove the encryption imposed by some ransomware variants. Below are three free tools to remove the encryption of three popular ransomware variants: FortuneCrypt, WannaCryFake and Yatron.
A few years ago, a researcher released the code for Hidden Tear, a popular encryption malware, for educational purposes. However, the material fell into the hands of threat actors, who used it to create other malware variants, such as Yatron. Due to some flaws in the development of this malware, Kaspersky Lab specialists managed to create a tool to recover files encrypted
Soon after, a tool was also released to remove the encryption of FortuneCrypt, a ransomware variant that caught the attention of the cybersecurity community because it was written in Blitz BASIC, a programming language designed for novice programmers. This ransomware used a weak encryption routine to block access to victims’ information, which made it easier to create the tool.
Specialists from the firm Emsisoft have released a free tool to remove the encryption imposed by the WannaCryFake ransomware variant. As reported, this variant uses AES-256 to encrypt the files on the target system, adding the .WannaCry extension. The ransom note that victims of WannaCryFake receive tells them not to attempt to remove the encryption with third-party software, as this could cause permanent data loss. However, experts claim that this tool can help recover encrypted information without putting it at risk of loss.
International Institute of Cyber Security (IICS) digital forensics specialists mention that hackers typically resort to two methods to develop ransomware variants: reconfiguring an existing variant or creating a completely new strain. It is difficult to keep up with the new ransomware variants that pop up from time to time, so it is important to take advantage of the tools available to combat some of these variants.