Detect Ransomware – decrypt Files!

With the help of NoMoreRansom, encryption trojans can be detected and with a bit of luck you can decrypt the files without having to pay ransom. One email, one wrong click and a moment of inattention is all it takes for the encryption trojan to run rampant on your hard drive. What is annoying in the private sphere can be life-threatening for companies.

The behaviour of encryption trojans is highly variable

Encryption is a powerful weapon that usually protects privacy, but ransomware turns it against you. The files are encrypted, and if you believe the criminal, only he can decrypt them again. Fortunately, this is not something you can rely on. Anyone who programs cryptography themselves runs the risk, among other things, that an error in reasoning will make the encryption breakable. That is why you learn this tip during your studies: Don't do cryptography yourself.

If you have fallen victim to an encryption Trojan, the (Internet) connection to other devices should be interrupted: turn off the WLAN and pull out the LAN cable! As a preventive measure, backups work best, ideally ones that were physically separated from the computer at the time of infection. There are cases in which restarting the computer has made things worse. With other encryption Trojans, on the other hand, decrypting the files only becomes possible after a restart. A crucial point in removing the encryption Trojan is to identify which Trojan was at work. In many cases, this opens up the option of decrypting the files.

NoMoreRansom.org helps you to decrypt files!

Some encryption trojans reveal themselves. But especially in such an unusual situation, it is understandable that a small hint is often overlooked. The NoMoreRansom project was created to disrupt the business of cyber criminals. It is run by IT security companies and law enforcement agencies, and it is led by the National High Tech Crime Unit initiative of the Dutch police, Europol's European Cybercrime Center, Kaspersky Lab and McAfee.

The Crypto Sheriff tool from NoMoreRansom requires only two files that have been encrypted by the encryption Trojan. If this is not possible, the ransom demand can also be uploaded. NoMoreRansom can also tell from this which Trojan it is.

Encryption Trojan - Decrypt files
The Crypto Sheriff helps to detect the encryption Trojan. Decrypting files is only possible in this way. Screenshot: nomoreransom.org

Once the Trojan has been detected, the actual work can begin. First and foremost is the question: can the files be decrypted? If this is the case, the website directly recommends the contact points. Before you upload files, you must agree to the data collection regulation.

Vincent Reckendrees

Hello, I am Vincent Reckendrees and I lead the Offensive Services team at AWARE7 GmbH. In my bachelor's and master's studies I specialized in IT security, and I am a BSI-certified IS penetration tester. My passion is reverse engineering and hardware and web security. As an expert in penetration testing, I find vulnerabilities in systems and networks and use them to simulate realistic cyber attacks and improve security measures. Through reverse engineering I discover flaws and opportunities for improvement in software and hardware. My skills in hardware and web security enable me to protect physical devices and online platforms against a wide range of cyber threats and to ensure their integrity and reliability.