Many ransomware decryption tools are actually just more ransomware

  • Cybersecurity
  • Saturday, 13 Jun 2020

Search online for a tool to help unlock any files encrypted by ransomware and you may only find more ransomware, security experts warn. — dpa

When a piece of ransomware has encrypted all the files on your computer and is demanding money for it all to be unlocked, good advice is hard to come by and Google is not always your friend.

There's one thing you certainly shouldn't do: Start searching online for software to crack open the ransomware in the hope of being able to decrypt everything yourself.

That's because you will likely come across would-be helper tools that only pretend to decrypt the data. In fact, they will only encrypt the data again, security experts have warned.

One frequently used fake decrypter Decrypter Djvu claims to be able to help the victims of the Stop Djvu ransomware. But hidden behind this tool is yet another trojan horse called Zorab.

Clicking on the tool will only start Zorab, which re-encrypts the data and demands yet another ransom, meaning you would in theory have to pay twice to get your files back.

Anyone seeking help with encrypted data should only trust reputable sources – such as the ID Ransomware project, which can often tell exactly which malware you've fallen victim to if you upload a sample file.

Knowing this is important if you want to start looking for an antidote. One of the most important trusted archives that collects decrypter tools and instructions is No more Ransom, operated by Europol and IT security companies.

Police generally advise users not to be intimidated by blackmailing malware. Victims should never pay money to the perpetrators, but should file a complaint.

Even if you do pay a ransom, there is no guarantee that the data can be permanently recovered afterwards.

You should also never delete files encrypted by ransomware. After all, it's always possible that a decryption tool will later be developed for the malware on your computer.

Security experts say the best protection against blackmail by ransomware is regular back-ups of all or at least the most important files. – dpa

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3



Did you find this article insightful?


94% readers found this article insightful

Across the site