Caution! Ryuk Ransomware decryptor damages larger files, even if you pay | Emsisoft | Security Blog
PSA: the Ryuk decryption tool contains bugs which can cause data loss. Back up your encrypted files before using it, or use our Ryuk decryptor instead.
James McQuiggan, Security Awareness Advocate, KnowBe4:
“The criminals behind Ryuk are evolving their attack vectors to reduce the time to encrypt data and in doing so, have caused an issue of destroying the data at the same time. Criminals want money and whether or not your data is maintained is not their concern; just getting the payday.
Is there honor among thieves? If the public is aware that the encryption process destroys their files, they will not pay and the criminals won’t receive any money. Could this be a bug in their software? Even the criminals write buggy code
Organizations want to backup their data and conduct regular testing of the backups to verify it can all be restored and maintain an offsite version of the data in the event of an onsite failure.
Incident response programs need to include ransomware attacks, who needs to be contacted and the steps to be taken when the organization is unable to produce or function effectively.
Finally, being able to monitor your networks and endpoints for large changes to data will allow an organization to respond quickly to a ransomware attack.”