1

My laptop got infected with ransomware; the files got encrypted and it tells me to pay them.

As far as I know, I have a few options:

  • Pay the ransom and hope the cybercriminals keep their word and decrypt the data.
  • Try to remove the malware using available tools.
  • Reset the computer to factory settings.

I'm not going to pay, and I wonder what the proper way to start getting my data back is.

  1. Should I first try to use a ransomware decryption tool? Does it even work? I guess it will take a long time, right?

  2. If I try to remove the ransomware, can I still use a ransomware decryption tool after that, or will I make the data unusable? That means if I want to get the data back I mustn't remove the virus, right?

  3. What free tool do you recommend, or any paid software?

Thanks

8
  • Generally call the police first, then you can try to decompile the virus and check how it encrypts your data to decrypt it - there is no software that will do it for you
    Commented Jan 4, 2022 at 11:40
  • 3
    Never pay the ransom. If they can't make money out of it they'll stop doing it eventually. First, stop using that machine. For a few ransomwares the keys have escaped into the public domain, the majority haven't. Google the specific ransomware or file extension. Otherwise, nuke & pave, then restore from your last good backup. Nothing on that machine is recoverable or re-usable.
    – Tetsujin
    Commented Jan 4, 2022 at 11:45
  • 2
    @FlashThunder Do you actually think a random person on the internet that asks a question such as this has the skills to reverse engineer ransomware before the ransom timer runs out?
    – gronostaj
    Commented Jan 4, 2022 at 11:45
  • 3
    The only way those tools will work is if there was a flaw in the ransomware itself that resulted in the leak of the key required to decrypt your key. The key was either leaked, allowing for a white hat hacker to release a tool, or it wasn’t, which means you either pay the fee or restore from a cold backup. Those are your only choices in a case like this.
    – Ramhound
    Commented Jan 4, 2022 at 12:14
  • 2
    You're still assuming there is a decryption tool. There most probably isn't. Don't pay the attackers.
    – Tetsujin
    Commented Jan 4, 2022 at 12:50

1 Answer

2

Pay the ransom and hope the cybercriminals keep their word and decrypt the data.

It is generally considered to be a bad idea to pay ransom. (a) No reason to believe you will get your data back. (b) Payment promotes more ransomware by criminals.

Try to remove the malware using available tools.

"Decent" encryption of files cannot be broken by available tools. Try, but little chance of success.

Reset the computer to factory settings.

This is the best approach. Starting fresh removes the virus. Then restore data from a backup that was not corrupted by the virus.

6
  • "It is generally considered to be a bad idea to pay ransom" - by whom? Can you back this up with reputable sources? "Then restore data from a backup […]" - I'm afraid there's a false premise here that makes this approach unavailable.
    – gronostaj
    Commented Jan 4, 2022 at 11:54
  • 3
    Reasonable source: nbcnews.com/nightly-news/… .... I would put "don't pay ransom" in the body of common knowledge at this point.
    – anon
    Commented Jan 4, 2022 at 12:21
  • I know what you mean, but here's a quote from the same article: "The sheriff’s office had no choice but to pay the ransom to get back access to its files, said Detective Jeff McCliss. «It really came down to a choice between losing all of that data and being unable to provide the vital services […]»". Unfortunately criminals know very well that oftentimes losing the files is not an option - often enough to make this scheme profitable and worth the risk. Saying "don't pay the ransom" is not helpful if there are no alternatives.
    – gronostaj
    Commented Jan 4, 2022 at 12:32
  • @gronostaj - I can see where you're coming from - but if an official govt department hasn't figured out yet what backups are for, there's little hope. Whoever runs/ran their IT I hope will never work in the industry again.
    – Tetsujin
    Commented Jan 4, 2022 at 12:53
  • 1
    George - they're not running this as a legitimate business to get customers coming back for more because they were so pleased with the service last time. They don't give a monkey's if you get your data back. They only want your money. If people keep paying, they'll keep doing it. There are 7 billion people on this planet - they don't need a particularly high success-rate to make it profitable.
    – Tetsujin
    Commented Jan 4, 2022 at 14:55
