Skip to main content

On the Effectiveness of Ransomware Decryption Tools

Filiz, Burak, Arief, Budi, Cetin, Orcun, Hernandez-Castro, Julio C. (2021) On the Effectiveness of Ransomware Decryption Tools. Computers & Security, 111 . Article Number 102469. ISSN 0167-4048. (doi:10.1016/j.cose.2021.102469) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:92302)

PDF Author's Accepted Manuscript
Language: English

Restricted to Repository staff only until 29 September 2022.

Contact us about this Publication
[thumbnail of Preprint-OnTheEffectivenessOfRansomwareDecryptionTools.pdf]
PDF Publisher pdf
Language: English

Restricted to Repository staff only
Contact us about this Publication
[thumbnail of 1-s2.0-S0167404821002935-main.pdf]
Official URL
https://doi.org/10.1016/j.cose.2021.102469

Abstract

Ransomware is a type of malware that locks out its victim’s access to their device or data – typically by encrypting files – and demands payment in exchange of restoring access. To fight the increasing threat posed by ransomware, security researchers and practitioners have developed decryption tools. These tools aim to help victims in recovering their data, generally by decrypting the compromised files without paying the ransom. Unfortunately, there has been minimal research on the effectiveness of decryption and recovery tools. There is a scant understanding regarding the extent to which these tools can actually recover compromised data. The research presented in this work aims to cover this gap by providing an empirical study on these tools’ effectiveness – in terms of decrypting and restoring compromised data. For doing so, we tested a total of 78 tools created by 11 security companies against 61 ransomware samples. That allows us to present an in-depth critical discussion of the real effectiveness of the recovery tools studied. We found that nearly half of the tools fail to recover compromised data satisfactorily. We conclude that there is still a lot of work to be done before these tools can make a real positive impact on ransomware victims. We finish our work by offering some additional insights and recommendations that could help in improving the effectiveness of ransomware decryption tools.

Item Type: Article
DOI/Identification number: 10.1016/j.cose.2021.102469
Projects: [UNSPECIFIED] EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)
Uncontrolled keywords: ransomware, decryptor, tools, effectiveness, data recovery
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 13 Dec 2021 18:25 UTC
Last Modified: 15 Dec 2021 11:30 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/92302 (The current URI for this page, for reference purposes)
Arief, Budi: https://orcid.org/0000-0002-1830-1587
Hernandez-Castro, Julio C.: https://orcid.org/0000-0002-6432-5328
  • Depositors only (login required):