Ransomware is a nasty business. For cybercriminals who target large organizations, it is, overall, a successful enterprise because enough victims pay up, either out of fear that they’ll have to rebuild an entire network from scratch or out of concern for how bad a breach looks to customers and clients.
But researchers at Sophos say caving in to demands isn’t such a good idea and can end up costing more in the long run.
What if you didn’t have to pay and could still recover the files that are being held hostage? That’s been one man’s mission for years, and he’s developed free tools to help stop cybercrooks in their tracks.
A true cybercrime-fighter
Roughly a decade ago, Michael Gillespie and a few other classmates discovered a problem with their high school website. It was a vulnerability that was exposing students’ sensitive information, including Social Security numbers.
Once the issue was brought to light, it was quickly patched. And now years later, Gillespie is still seeking out similar problems to fix — which now includes helping victims of ransomware.
Looking for no credit or reward, he’s since become part of the MalwareHunterTeam, which operates a website called ID Ransomware. The free site analyzes ransomware with the goal of helping victims get their files back, and Gillespie himself has created downloadable tools to decrypt files and remove lingering traces of the attack.
Recover what’s yours without paying a dime
When a system has been taken over by ransomware, victims can visit the ID Ransomware website for help. By uploading a ransom note or sample encrypted file, the site works to determine what type of ransomware was used.
ID Ransomware is able to identify more than 600 types of ransomware based on various similarities to other attacks. If it’s identified and determined to be decryptable, the service will offer further guidance on what action victims should take.
Depending on the ransomware, Gillespie may already have created a decryptor. If one is not immediately available, a free tool called CryptoSearch can identify the files that have been encrypted on your system and gives you the option to move them to a new location in the hope that a decryptor will one day be available.
If your hijacked files can be decrypted, another download called RansomNoteCleaner can search your system for any traces of ransom notes and delete them once and for all. Sometimes hundreds of those notes are left over, and deleting them manually can take a substantial amount of time.