With the help of NoMoreRansom, encryption trojans can be detected and with a bit of luck you can decrypt the files without having to pay ransom. One email, one wrong click and a moment of inattention is all it takes for the encryption trojan to run rampant on your hard drive. What is annoying in the private sphere can be life-threatening for companies.

The behaviour of encryption trojans is highly variable

The otherwise so powerful weapon of encryption, which usually protects privacy, is turned against you in ransomware. The files are encrypted – and if you believe the criminal, only he can decrypt them again. But this is not something you can rely on – fortunately. Because if you program cryptography yourself, you run the risk, among other things, that a mistake in thinking will cause the encryption to break. That is why you learn this tip during your studies: Don’t do cryptography yourself.

If you have fallen victim to an encryption Trojan, the (Internet) connection to other devices should be interrupted: WLAN off and pull out the LAN cable! As a preventive measure, backups work best – those that were physically separated from the computer at the time of infection, in the best case. There are cases in which it has been bad to restart the computer. On the other hand, with other encryption Trojans, decryption of the files is only then applicable. A crucial point in removing the encryption Trojan is to identify which Trojan was at work. In many cases, this leads to the option of being able to decrypt the files.

NoMoreRansom.org helps you to decrypt files!

Some encryption trojans reveal themselves. But especially in such an unusual situation it is understandable that a small hint often goes under. To disrupt the business of cyber criminals, the NoMoreRansom project was created. It is run by IT security companies and law enforcement agencies. It is led by the National High Tech Crime Unit initiative of the Dutch police, Europol’s European Cybercrime Center, Kaspersky Lab and McAfee.

The Crypto Sheriff tool from NoMoreRansom requires only two files that have been encrypted by the encryption Trojan. If this is not possible, the ransom demand can also be uploaded. NoMoreRansom can also tell from this which Trojan it is.

Once the Trojan has been detected, the actual work can begin.First and foremost the questions: Can the files be decrypted?If this is the case, the website directly recommends the contact points.Before you upload files, you must agree to the data collection regulation.