Ransomware Decryptors Not Available for Most Ransomware Strains

Posted by Jordan Kadlec on May 1, 2017 8:00:00 AM
Jordan Kadlec
submit to reddit

NMR.jpg

At WatchPoint, we are proud to have the largest list of ransomware decryptors on the internet. However, it’s important to know that the majority of ransomware variants do not have a decryptor available.

What is a Ransomware Decryptor?

Cybercriminals make their money by encrypting a victim’s files and holding them for ransom hence, ransomware. When a victim’s files have been encrypted, it makes them unavailable for the user to access. A ransomware decryptor breaks the code of ransomware and gains access to the decryption key. The decryption key is what the victims of ransomware are paying for, and it unlocks their files like nothing ever happened.

No More Ransom Project

No More Ransom (NMR) is a project that was launched in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. The project introduced a new level of cooperation between law enforcement and the private sector to battle ransomware together. Nearly ten months after the launch of NMR, 76 public and private partners have joined the project. NMR is now available in 14 languages and contains 40 free decryptors. According to their website, more than 10,000 victims from all around the world have been able to decrypt their devices with the tools made available by NMR.

Ransomware by the Numbers

While 40 decryptors and 10,000 victims able to decrypt their files over the last four months may seem like a lot, it’s really not. In fact, looking at the ransomware statistics from the last year, 10,000 victims being saved from ransomware would only account for one-fifth of the victims from a single month.

Here’s a rundown of the most shocking ransomware statistics from the last year:

  • 56,000 users were hit with ransomware PER MONTH over the last year – that’s up from 23,000 and 35,000 in the previous two years respectively.
  • Ransomware Emails:
    • Ransomware emails spiked 6000%
    • 40% of spam emails had ransomware
    • 59% of ransomware infections were delivered via email
    • 52% - yes, over half – of businesses reported being hit with ransomware

At any point in time, it’s estimated that there are over 1,000 ransomware variants circulating the cybersecurity world. Meaning, according to the NMR project’s numbers, only about 4% of ransomware variants have a decryptor.

CryptoStopper by WatchPoint

Relying on cybersecurity measures on your device (anti-virus, anti-malware, etc.) isn’t enough anymore. By the numbers mentioned above, relying on a decryptor being available should you be hit with ransomware isn’t the best bet either. You need specific ransomware protection, and WatchPoint has delivered a product that will ease your ransomware worries – CryptoStopper.

CryptoStopper uses deception technology in the form of Watcher Files placed on your network. The program continuously monitors the Watcher Files for the encryption process to start and will immediately identify the ransomware attack in seconds. CryptoStopper instantly isolates the infected workstation from the network, then shuts down the workstation. Upon isolating the attack, the program will send you an email notification informing you that a ransomware attack has been discovered and contained. On average, CryptoStopper isolates a ransomware attack in 17 seconds, preventing all your targeted files from being encrypted and minimizing the damage done.

Contact WatchPoint today to prevent your business from being part of the more than 52% of businesses infected with ransomware.

Topics: Ransomware, Ransomware Decrypters, decrypters, decryptors