Skip to main content
Kent Academic Repository

On the Effectiveness of Ransomware Decryption Tools

Filiz, Burak, Arief, Budi, Cetin, Orcun, Hernandez-Castro, Julio C. (2021) On the Effectiveness of Ransomware Decryption Tools. Computers & Security, 111 . Article Number 102469. ISSN 0167-4048. (doi:10.1016/j.cose.2021.102469) (KAR id:92302)

PDF Author's Accepted Manuscript
Language: English

Download this file
[thumbnail of Preprint-OnTheEffectivenessOfRansomwareDecryptionTools.pdf]
Request a format suitable for use with assistive technology e.g. a screenreader
PDF Publisher pdf
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of 1-s2.0-S0167404821002935-main.pdf]
Official URL:


Ransomware is a type of malware that locks out its victim’s access to their device or data – typically by encrypting files – and demands payment in exchange of restoring access. To fight the increasing threat posed by ransomware, security researchers and practitioners have developed decryption tools. These tools aim to help victims in recovering their data, generally by decrypting the compromised files without paying the ransom. Unfortunately, there has been minimal research on the effectiveness of decryption and recovery tools. There is a scant understanding regarding the extent to which these tools can actually recover compromised data. The research presented in this work aims to cover this gap by providing an empirical study on these tools’ effectiveness – in terms of decrypting and restoring compromised data. For doing so, we tested a total of 78 tools created by 11 security companies against 61 ransomware samples. That allows us to present an in-depth critical discussion of the real effectiveness of the recovery tools studied. We found that nearly half of the tools fail to recover compromised data satisfactorily. We conclude that there is still a lot of work to be done before these tools can make a real positive impact on ransomware victims. We finish our work by offering some additional insights and recommendations that could help in improving the effectiveness of ransomware decryption tools.

Item Type: Article
DOI/Identification number: 10.1016/j.cose.2021.102469
Projects: EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)
Uncontrolled keywords: ransomware, decryptor, tools, effectiveness, data recovery
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Funders: Engineering and Physical Sciences Research Council (
Depositing User: Budi Arief
Date Deposited: 13 Dec 2021 18:25 UTC
Last Modified: 04 Mar 2024 19:06 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.