Working with European governmental and private organizations, the FBI this summer announced the release of a decryption tool that unlocks GandCrab ransomware. The announcement and Josephine Wolff’s article “Don’t Pay Ransom for Digital Files” (NY Times, August 16) should focus attention on an option often overlooked in the fire drill after a ransomware attack denies access to your data: can we get a key without paying the criminals?
Although ransomware has been with us since the late ’80s, its sophistication and the financial and organizational harm it causes have increased dramatically in recent years. Ransomware is malware that denies you access to your system’s data by various means, including encrypting it, locking your screens, changing your Master Boot Record (MBR), or locking your web server or mobile device.
GandCrab is called malware-as-a-service because it was wholesaled to retail criminals. Its creators claim they made more than $2 billion and retired the “service.” But the software they sold will still be used to attack victims for some time to come.
Preventing attacks is an important subject for another day. But when they can’t access their data, people don’t want lectures on what they should have done in the past or should do in the future. They want to do something right now to get back in business.
The standard advice is never pay ransom. A more likely response by victims is trying to negotiate with the criminals, playing for time, checking what data is in backups, and figuring out how to make a ransom payment in an unfamiliar and highly volatile currency like Bitcoin. Sometimes law enforcement is notified. Rarely is there an informed effort to find a key, but that is the best possible way to avoid paying ransom.
Organizations like The No More Ransom Project are trying to get all victims to look for a key before paying ransom. For three years it has stockpiled more than 80 decryption tools in a repository that can be used on more than 100 strains of ransomware. The project says it has helped more than 200,000 victims defeat attacks and recover their data, for free.
The project is an initiative of the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, and McAfee, and its minimalist, cowboy-themed website is at https://www.nomoreransom.org/. Since ransomware must be identified before the right key can be found, No More Ransom offers the Crypto Sheriff, which can help identify the ransomware quickly with information most victims have at hand.
The GandCrab decryption key announced by the FBI is on the No More Ransom website, and if you’re facing it or 100+ other kinds of ransomware, checking with the project might get you a key quickly, for free. There is no guarantee it can help or that the tool it sends will work. But it takes little time to check with No More Ransom and other sources of decryption keys. It is a step each ransomware victim should at the least evaluate taking during the frantic moments after an attack.
This communication, a service of Bose McKinney & Evans LLP, exists for informational purposes only and none of its contents should be construed or used as legal advice on any specific facts or circumstances.