Filiz, Burak, Arief, Budi, Cetin, Orcun, Hernandez-Castro, Julio C. (2021) On the Effectiveness of Ransomware Decryption Tools. Computers & Security, 111 . Article Number 102469. ISSN 0167-4048. (doi:10.1016/j.cose.2021.102469) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:92302)
PDF
Author's Accepted Manuscript
Language: English Restricted to Repository staff only until 29 September 2022.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
|
|
Contact us about this Publication
|
![]() |
PDF
Publisher pdf
Language: English Restricted to Repository staff only |
|
Contact us about this Publication
|
![]() |
Official URL https://doi.org/10.1016/j.cose.2021.102469 |
Abstract
Ransomware is a type of malware that locks out its victim’s access to their device or data – typically by encrypting files – and demands payment in exchange of restoring access. To fight the increasing threat posed by ransomware, security researchers and practitioners have developed decryption tools. These tools aim to help victims in recovering their data, generally by decrypting the compromised files without paying the ransom. Unfortunately, there has been minimal research on the effectiveness of decryption and recovery tools. There is a scant understanding regarding the extent to which these tools can actually recover compromised data. The research presented in this work aims to cover this gap by providing an empirical study on these tools’ effectiveness – in terms of decrypting and restoring compromised data. For doing so, we tested a total of 78 tools created by 11 security companies against 61 ransomware samples. That allows us to present an in-depth critical discussion of the real effectiveness of the recovery tools studied. We found that nearly half of the tools fail to recover compromised data satisfactorily. We conclude that there is still a lot of work to be done before these tools can make a real positive impact on ransomware victims. We finish our work by offering some additional insights and recommendations that could help in improving the effectiveness of ransomware decryption tools.
Item Type: | Article |
---|---|
DOI/Identification number: | 10.1016/j.cose.2021.102469 |
Projects: | [UNSPECIFIED] EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS) |
Uncontrolled keywords: | ransomware, decryptor, tools, effectiveness, data recovery |
Subjects: | Q Science > QA Mathematics (inc Computing science) |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Budi Arief |
Date Deposited: | 13 Dec 2021 18:25 UTC |
Last Modified: | 15 Dec 2021 11:30 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/92302 (The current URI for this page, for reference purposes) |
Arief, Budi: | ![]() |
Hernandez-Castro, Julio C.: | ![]() |
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):