Breaking Encryption Post Ransomware Attack

Q: What is the most effective way to break the encryption post a ransomware attack? How would you approach locked files?

Here are the answers from SecPro community members on breaking encryption after a ransomware attack:

Luca, Security Solutions and Operations
In case any decryption tools have been developed, it could be worth trying them, but the only way is to ensure a proper and complete backup and solid restore capabilities and solutions.
I tend to avoid paying the ransom, first of all to not finance criminal organizations and also because there’s no guarantee of recovering data. Indeed, you risk falling victim to attacks again as good payers. 

Avishek, Data Scientist
Identify & Isolate the Infection. Then report to the Authorities. Best is to get rid of the infection.  
A good backup solution is generally used to approach locked files.

Khairil, Head of Cybersecurity
Not many success stories here. We do engage with some tools made available by AV vendors using leaked private keys. The locked files are usually used to identify important files, and we tried to recover them from the HDD sector or from the cloud backup.
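
The answers above converge on using the locked files as a list of what to restore from backup. The following is an added example, not part of the community answers: it walks an affected directory, lists each locked file, and checks whether a clean copy exists in a backup tree. The `.locked` suffix, the entropy threshold, the directory layout and all function names are assumptions made for illustration, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".locked"  # assumption: constructed marker extension, not from the page
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte above which content looks encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0 (so does compressed data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_restore_manifest(affected_root: Path, backup_root: Path) -> list[dict]:
    """List locked files and whether a clean copy exists under backup_root."""
    manifest = []
    for path in sorted(affected_root.rglob("*")):
        if not path.is_file() or path.suffix != LOCKED_SUFFIX:
            continue  # untouched files need no restore
        with path.open("rb") as fh:
            sample = fh.read(65536)  # the first 64 KiB is enough for a triage hint
        # Strip the appended suffix to recover the original relative path.
        original_rel = path.relative_to(affected_root).with_suffix("")
        manifest.append({
            "original": original_rel.as_posix(),
            "looks_encrypted": shannon_entropy(sample) >= ENTROPY_THRESHOLD,
            "backup_available": (backup_root / original_rel).is_file(),
        })
    return manifest


def demo() -> list[dict]:
    """Constructed sample tree: two locked files, only one of which has a backup."""
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = Path(tmp, "affected"), Path(tmp, "backup")
        (affected / "finance").mkdir(parents=True)
        (backup / "finance").mkdir(parents=True)
        (affected / "finance" / "ledger.xlsx.locked").write_bytes(os.urandom(65536))
        (affected / "notes.txt.locked").write_bytes(os.urandom(65536))
        (affected / "readme.txt").write_text("untouched file")
        (backup / "finance" / "ledger.xlsx").write_bytes(b"clean copy")
        return build_restore_manifest(affected, backup)
```

Entries with `backup_available` set to false are the files for which the other options mentioned in the answers (vendor decryption tools, disk-level recovery) would have to be considered.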

The SecPro is a weekly security newsletter to help you stay sharp and upgrade your skills with trending threat insights, practical tutorials, hands-on labs, and useful resources. Build skills in as little as 10 minutes. Join the newsletter here.
