6 companies’ tools to counteract ransomware attacks
As the threat of incursions continue, vendors line up with decryption tools.
Ransomware threats still a major worry for providers
Ransomware is dominating the malware market and has become the most profitable type of malware in history, and healthcare organizations have emerged as the target of choice for cyber criminals.
According to the FBI, ransomware victims paid a total of $209 million in the first quarter of 2016, while the producers of the CryptoWall ransomware attack generated more than $300 million in 2015 alone, according to executives of TrapX Security, which is working on a ransomware defense offering.
Vendors now are offering defense approaches and decryption tools, some at no charge, to help those victimized by ransomware. Here’s a list of vendors and their offerings.
AVG, an Amsterdam-based online security company, is offering six free tools to decrypt files locked up by ransomware.
AVG’s new free tools are for the decryption of six current ransomware strains: Apocalypse, BadBlock, Crypt888, Legion, SZFLocker, and TeslaCrypt. The page offers guidance in identifying the type of ransomware by the messages appearing on the computer screen.
The information and tools can be found here.
Cisco Systems' Talos team has released a free tool for victims of the TeslaCrypt ransomware attack. The Cisco tool decrypts locked-down files. The tool is aimed at all levels of victims and can be used by those with a variety of expertise levels.
An informational article about the tool to counteract TeslaCrypt can be found here.
The page to access the decryptor can be found here.
Kaspersky Lab offers its “no ransom” web site to offer a variety of solutions to help organizations afflicted by ransomware. In addition to decryption tools, the site offers “education on ransomware.” The site notes that the malware must be removed first before attempting to decrypt, “otherwise it will repeatedly lock your system or encrypt files.”
The site can be found here.
Decryption tools are available for various ransomware: Shade; Rannoh and variants; Rakhni and variants; and CoinVault and Bitcryptor.
The site also contains a library of additional reading on ransomware.
Minerva Labs takes a different tack—it provides an anti-malware solution that prevents targeted attacks without the need for prior detection or other knowledge and before any damage has been done. Minerva's Environment Simulation Technology (EST) creates an environment in which malware refrains from execution. The offering prevents ransomware from execution, by simulating an environment that is unideal for the malware, causing it to refrain from execution.
More information about the approach and application can be found here.
Symantec offers guidance and a tool to help deal with ransomware attacks. The company advises the use of its Endpoint Protection Manager to update the virus definitions and scan the client computers.
The page for basic guidance and for education on the use of the tool can be found here.
Trend Micro offers a couple of applications to decrypt files attacked by ransomware. The site warns that the best approach is prevention, because attackers are “constantly changing their methods and tactics.”
Ransomware the applications can decrypt include Crypt variants, TeslaCrypt and variants, AutoLocky, BadBlock, and more.
Trend Micro tools include RansomwareFileDecryptor and TeslacryptDecryptor.
The Trend Micro site can be found here.