Is it possible to 'crack' ransomware?

Security experts can use decryption tools to unlock data infected with ransomware, but in reality it's not that simple.

The first ransomware attack was recorded in 1989. More than 30 years later, ransomware has become more sophisticated thanks to the explosion of the Internet, digital transformation and the advent of cryptocurrency.

According to Statista, every 11 seconds an organization becomes a target of ransomware. In 2022, there will be more than 493 million ransomware attacks globally. The numbers not only serve as a warning about the prevalence of this type of online attack, but also highlight the extent of damage that can be caused to individuals and organizations.

However, only 27% of attacked organizations chose to pay the ransom. The rest chose to turn to IT experts to 'break the lock', that is, to decrypt the encrypted data files. The question is: is it possible to decrypt all ransomware?

The nature of ransomware

Ransomware is malware that encrypts files on an infected device. When a device is infected with ransomware, the owner usually receives a notification via a pop-up window, or in some cases a desktop wallpaper, asking them to take steps to send a ransom to get the decryption 'key' back.


Sometimes cyber criminals provide victims with decryption keys after a ransom is paid. But there are also cases where they run away and leave the victim with the encrypted files.

While ransomware can target individuals, hacker gangs often target companies, where they can earn larger ransoms.

How is ransomware decrypted?

Ransomware is 'cracked' using decryption tools: software designed for a specific type of ransomware to decrypt the files it has encrypted. When a file is decrypted, the scrambled, random-looking data is converted back into the original content. There are many different ransomware decryption tools, both free and paid.

Technically, all types of ransomware can be decrypted, but each ransomware needs its own decryptor; one set of tools cannot be applied to all ransomware. This is why ransomware is difficult to neutralize: victims must know what type of ransomware it is to find the right tool.

The decryption process can also consume huge amounts of time and computing resources, depending on the malware's algorithm. For example, with a 2048-bit RSA key, an average desktop computer would need 5 million million years to 'detect' the key.
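To show where estimates of this kind come from, here is an added example (not part of the original article) that scales a published data point, the RSA-768 factorization of roughly 2000 core-years, by the heuristic cost of the general number field sieve (GNFS). The calibration figure, the dropped o(1) term and the function names are assumptions of this sketch; it gives an order of magnitude only and is not a reproduction of the figure quoted above.

```python
import math

# Calibration point (assumption of this example): the RSA-768 factorization
# published in 2010 took roughly 2000 core-years on a 2.2 GHz Opteron core.
CALIBRATION_BITS = 768
CALIBRATION_CORE_YEARS = 2000.0


def gnfs_log_work(bits: int) -> float:
    """Natural log of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)]
    for a modulus of `bits` bits, with the o(1) term dropped."""
    ln_n = bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def core_years_to_factor(bits: int) -> float:
    """Scale the calibration point by the ratio of GNFS costs."""
    delta = gnfs_log_work(bits) - gnfs_log_work(CALIBRATION_BITS)
    return CALIBRATION_CORE_YEARS * math.exp(delta)


def wall_clock_years(bits: int, cores: int) -> float:
    """Elapsed years if the work parallelised perfectly over `cores`."""
    return core_years_to_factor(bits) / cores


def approx_security_bits(bits: int) -> float:
    """GNFS work expressed as a power of two (rough symmetric equivalent)."""
    return gnfs_log_work(bits) / math.log(2)


if __name__ == "__main__":
    print(f"{'modulus':>8} {'~2^k ops':>9} {'core-years':>12} {'1M cores (yrs)':>15}")
    for bits in (512, 768, 1024, 2048, 4096):
        print(f"{bits:>8} {approx_security_bits(bits):>9.1f} "
              f"{core_years_to_factor(bits):>12.2e} "
              f"{wall_clock_years(bits, 1_000_000):>15.2e}")
```

Even with a million cores working in parallel, the 2048-bit row stays in the billions of years, which is why recovery without the attacker's private key depends on a flaw in a specific ransomware family rather than on raw computing power.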

In other words, victims would need quantum supercomputers to improve their chances of success and shorten the time to retrieve their data. Unfortunately, quantum machines will not be available on a large scale in the near future.

In 2019, Google announced a quantum computer chip capable of completing, in about 200 seconds, an experimental calculation that would take a traditional supercomputer 10,000 years to perform.

Therefore, with current technology, Internet users need to take measures to 'prevent' ransomware with a comprehensive security strategy, rather than trying to 'break the lock' once a device is infected with malware, or paying a ransom and waiting on the 'good will' of hackers.
