Detect Ransomware – decrypt Files!

M.Sc. Chris Wojzechowski

With the help of NoMoreRansom, encryption trojans can be detected, and with a bit of luck you can decrypt the files without having to pay a ransom. One email, one wrong click and a moment of inattention are all it takes for an encryption trojan to run rampant on your hard drive. What is annoying in the private sphere can be life-threatening for companies.

The behaviour of encryption trojans is highly variable

Encryption is a powerful tool that usually protects privacy; ransomware turns it against you. The files are encrypted, and if you believe the criminal, only he can decrypt them again. Fortunately, that claim cannot be relied on: anyone who implements cryptography themselves runs the risk, among other things, that a flaw in their reasoning breaks the encryption. That is why you learn this tip during your studies: don't do cryptography yourself.

If you have fallen victim to an encryption Trojan, cut the (Internet) connection to other devices: turn off Wi-Fi and pull out the LAN cable! As a preventive measure, backups work best, ideally ones that were physically separated from the computer at the time of infection. There are cases in which restarting the computer has made things worse. With other encryption Trojans, on the other hand, decrypting the files is only possible then. A crucial step in removing the encryption Trojan is identifying which Trojan was at work. In many cases, this opens up the option of decrypting the files.

NoMoreRansom.org helps you to decrypt files!

Some encryption trojans identify themselves. But in such an unusual situation it is understandable that a small hint is often overlooked. The NoMoreRansom project was created to disrupt the business of cyber criminals. It is run by IT security companies and law enforcement agencies, and is led by the National High Tech Crime Unit of the Dutch police, Europol's European Cybercrime Center, Kaspersky Lab and McAfee.

The Crypto Sheriff tool from NoMoreRansom requires only two files that have been encrypted by the encryption Trojan. If this is not possible, the ransom demand can also be uploaded. NoMoreRansom can also tell from this which Trojan it is.

The Crypto Sheriff helps to detect the encryption Trojan. Decrypting files is only possible in this way. Screenshot: nomoreransom.org

Once the Trojan has been detected, the actual work can begin. First and foremost comes the question: can the files be decrypted? If this is the case, the website directly recommends the contact points. Before you upload files, you must agree to the data collection regulation.


My name is Chris Wojzechowski and I studied for my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH, a trained IT Risk Manager and IT-Grundschutz practitioner (TÜV), and possess the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.