Ransomware attacks are on the rise, costing victims hundreds of thousands of dollars every month. But a new decryption tool could spell the end for a particularly virulent breed—the malware “STOP,” which accounts for 56 percent of attacks.
Ransomware encrypts local files on targeted computers, unlocking them only if the victim pays a fee, often in cryptocurrencies such as Bitcoin. Over the past few months, these attacks have seen a resurgence, with municipal bodies, local businesses, and schools among those targeted. The contagious “STOP” malware propagates itself through links promising paid software for free, often targeting older users and children.
But STOP hides clues in the encrypted files that can be descrambled to reveal the key, says cybersecurity company Emsisoft, which has found a way to restore frozen files without paying the ransom. Its new, freely distributed tool sends out a query to retrieve these clues, which it can use to figure out the decryption code. Emsisoft spokesman Brett Callow said the decryption tool can foil up to 70 percent of attacks.
There’s been a “BIG uptake,” said Callow, who noted that the sheer number of victims—between 116,000 confirmed and 460,000 unconfirmed in total—has forced Emsisoft to outsource customer support for the tool to Bleeping Computer, an online cybersecurity community. “No way we could have handled that deluge of inquiries,” he said.
Bleeping Computer comprises hundreds of volunteers, who assist victims of malware. But “no matter how hard volunteers tried to assist victims, in many cases there was nothing that could be done,” said Bleeping Computer spokesman Lawrence Abrams, in a statement. “With the release of Emsisoft's STOP decryption service, the BleepingComputer volunteers will finally be able to help desperate victims recover their files.”
But prevention is better than waiting on a cure: Callow says that ransomware attacks can be preempted by uploading files to cloud-based services that support “versioning,” which “simply means that the cloud service keeps multiple copies of each file so, if the most recent version becomes encrypted, you can roll back to a previous version.”
Eventually, attackers will grow wise to the latest decryption tool and upgrade their arsenal. “Yeah, that happens all the time,” said Callow. “We break the encryption, and the devs either change things up or start afresh. Our aim is simply to enable victims to get their data back without needing to pay the ransom.” For now, it’ll do the job.