It has been reported that the STOP ransomware represents 56% of the attacks registered so far. The number of victims of this malware ranges between 116,000 confirmed cases and 460,000 unconfirmed cases.
Ransomware attacks are on the rise, costing victims hundreds of thousands of dollars every month. However, a new tool, aimed at unlocking encrypted data, could mean the end of a particularly virulent malware, known as STOP, which represents 56% of recorded attacks.
The ransomware acts by encrypting the local files found on specific computers, only unlocking them if the victim pays a fee, which is often demanded in cryptocurrencies such as Bitcoin. In recent months, these attacks have experienced a resurgence, especially against municipal bodies, local businesses and schools, among other targets.
In this case, STOP spreads through links that promise that users can download paid software for free. This type of malware is aimed primarily at older users and children. In this regard, the cybersecurity company Emsisoft explains that STOP hides clues in the encrypted files, which can be decrypted to reveal the key.
The company found a way to restore the hijacked files, without paying the ransom, through a new tool. It performs an analysis that recovers the clues, which can then be used to discover the code for decryption. Emsisoft spokesman Brett Callow said that this solution can frustrate up to 70% of attacks.
Callow said that there is “great acceptance” of the tool among users. He added that the number of victims, ranging between 116,000 confirmed cases and 460,000 unconfirmed cases, forced Emsisoft to outsource customer service for the tool to BleepingComputer, an online cybersecurity community. He said that this was the only way to handle the flood of inquiries.
BleepingComputer is made up of hundreds of volunteers, who are responsible for helping malware victims. Lawrence Abrams, community spokesman, explained that, however hard the volunteers have tried to help, in many cases there is nothing that can be done. With the launch of the STOP decryption service, developed by Emsisoft, these volunteers will finally be able to help many desperate victims to recover their files.
There is no doubt that prevention is a better option than waiting for a cure. Callow states that ransomware attacks can be avoided by uploading files to cloud-based services that support “versioning,” which simply means that the cloud service maintains multiple copies of each file. In other words, if the most recent version is encrypted, the option of using an earlier version is available.
Over time, attackers usually become more skilled: they familiarize themselves with the latest decryption tool, which tends to improve their arsenal. Callow said that this happens all the time: the encryption gets solved, and then the developers change the nature of things or start again. The objective is simply to allow victims to recover their data, without having to pay the ransom. At the moment, this new tool will be in charge of doing exactly that job.
By Willmen Blanco