NA free ransomware decrypting tool

Let'sgoflying!

Dave Taylor
Received from my AV service today:
Not sure if it is available to the public or just subscribers.

Free Ransomware Decryptor Now Available from Kaspersky!

If you are a victim of CryptXXX ransomware (.crypt files) or want to stay protected, Kaspersky Lab has released a FREE tool to get your files back without paying a fee.

https://noransom.kaspersky.com/
 
As far as I can tell, it was only for certain specified incidents, not all ransomware that ever was or will be.

Rich
 
Many Many Many versions of the Crypto-whatever out there. The de-crypt tools out there are specific to the version. But, who knows, maybe you'll be lucky. The best defense: Knowledge that the problem exists and Backups, Backups, & Backups. Did I mention check those Backups???
 
and Backups, Backups, & Backups. Did I mention check those Backups???

What if I make a backup on Monday that has the ransomware on it unbeknownst to anyone?
Then on Friday CryptoCons have locked everything down.
So I can't access my files AND my backup is useless.
How far back would a backup need to be made?
What is the longest a ransomware virus can sit quietly?
 
Depends on how the ransomware is written. I think the author could program in a delay of whatever length he wanted.
 
My point exactly. Backups could prove useless. Maybe not right now, but these guys aren't stupid.
 
My point exactly. Backups could prove useless. Maybe not right now, but these guys aren't stupid.
If there are enough people who don't disconnect their backup drives between backups, the ransomware writers may not feel it's worthwhile to get fancy. I hope so, anyway.
 
You'll know quickly if you've been hit, as you can't open the affected files. A delay wouldn't change anything. And the bad guys have no reason to delay the encryption process. We've had several clients tell us initially that there was a delay, but it turns out they just didn't notice the damage for a day. The dates/times showed the process takes hours, even perhaps a day if the number of files is great and the network connections are slow. In one case, there was a large USB drive attached to a workstation that contained tons of jpg files. Because the infection usually encrypts the infected computer first, it took hours to encrypt all the files on the external drive. Luckily, when it finally started encrypting files on the server, it was caught right away, and the encryption only affected files starting with the letter "A". The ones I've seen work alphabetically.

But it's always good to have an "Off-line" backup. I've seen several backup formats, notably image files, that don't seem to get encrypted. The newest twist, though, is encrypting the whole drive, rather than the files.
 
My point exactly. Backups could prove useless. Maybe not right now, but these guys aren't stupid.

The miscreants want to make as much money as they can before being shut down. Remember that anyone with any good sense at all also runs antivirus software, and the miscreants don't want their malware to be detected while it lies in wait on the machine, but before it executes. Every passing minute increases the likelihood of that happening.

With storage as cheap as it is nowadays, there's really no good reason not to keep at least a month's worth of backups. Hard drives and good backup software (I'm a fan of Macrium Reflect at the moment) are inexpensive, as is network backup if you have decent Internet.

On a related note, I recently added on yet another backup path to my servers. In addition to the daily per-account backups and the daily images to another machine in the datacenter, I added on daily system and per-account backups to Amazon S3. So if the whole datacenter got swallowed into the earth, I could still restore from S3. The cost is so little that it just didn't make sense not to.

Rich
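
Added example, not part of any post in this thread: with several retained backup generations, one way to "check those backups" is to scan each generation for files renamed to `.crypt` or whose leading bytes no longer match their type, then restore from the newest generation with no hits. The function names, the signature table and the sample generations are assumptions constructed for illustration.

```python
import os
import tempfile

SUSPECT_EXT = ".crypt"  # extension named in the notice quoted in the thread
# Leading bytes a healthy file of each type must have (well-known file signatures).
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".pdf": b"%PDF", ".docx": b"PK\x03\x04"}

def damaged_files(root):
    """Return relative paths in one backup generation that look encrypted."""
    bad = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(8)
            renamed = ext == SUSPECT_EXT
            bad_header = ext in MAGIC and not head.startswith(MAGIC[ext])
            if renamed or bad_header:
                bad.append(os.path.relpath(path, root))
    return sorted(bad)

def newest_clean(generations):
    """generations: (label, path) pairs, oldest first. Returns (label or None, report)."""
    report = {label: damaged_files(path) for label, path in generations}
    clean = [label for label, _ in generations if not report[label]]
    return (clean[-1] if clean else None), report

def demo():
    """Build three constructed backup generations and pick the restore point."""
    jpg, pdf = b"\xff\xd8\xff\xe0" + b"\0" * 16, b"%PDF-1.4\n"
    noise = bytes(range(7, 39))  # stands in for ciphertext
    layout = {  # constructed sample data, not from the thread
        "mon": {"a.jpg": jpg, "b.pdf": pdf},
        "wed": {"a.jpg.crypt": noise, "b.pdf": pdf},  # caught mid-run: only "A" files hit
        "fri": {"a.jpg.crypt": noise, "b.pdf": noise},  # header gone, name unchanged
    }
    with tempfile.TemporaryDirectory() as tmp:
        gens = []
        for label, files in layout.items():
            root = os.path.join(tmp, label)
            os.makedirs(root)
            for name, data in files.items():
                with open(os.path.join(root, name), "wb") as fh:
                    fh.write(data)
            gens.append((label, root))
        return newest_clean(gens)

if __name__ == "__main__":
    print(demo())
```

This only finds files that are already encrypted; it says nothing about whether a dormant copy of the malware is sitting in the backup, and file types without a fixed signature (plain text, for example) are not checked.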
 
I like this product, it modifies your Windows registry settings to prevent the most common ways Crypto ware gets installed:

https://www.fooli****.com/cryptoprevent-malware-prevention/
 