Now tools are proving to be successful against cyber criminals. Picture: Supplied
Now tools are proving to be successful against cyber criminals. Picture: Supplied

How ransomware victims are fighting back

HUNDREDS of ransomware victims are clawing back sensitive documents, photos, and even databases stolen from cyber criminals after a major breakthrough by internet security and law enforcement agencies overnight.

The consortium, which included security firm Bitdefender, Europol, Romanian Police, and America's Federal Bureau of Investigation, created a tool to break the two newest versions of the world's most widespread ransomware software, which is blamed for stealing data from thousands of victims worldwide.

Authorities are fighting back against cyber criminals. Picture: Supplied
Authorities are fighting back against cyber criminals. Picture: Supplied

A security researcher on the project, who spoke to News Corp on the basis of anonymity, said the breakthrough could land a massive blow to the finances of ransomware criminals.

"We estimate there are more than 500,000 people who were affected by the GandCrab family of ransomware and that it has caused financial losses valued at hundreds of millions of dollars," he said.

"Let's not forget that these guys have been customising their ransom notes. Sometimes they'll issue ransoms of $400 but they reach all the way up to $600,000 depending on how important they think the data is to the company."

But the researcher said the decryption tool, released online free of charge, could have an even larger impact on the criminal trade if it convinced future ransomware victims not to pay their attackers, and instead save their data and wait for a decryption tool to unlock it.

"That's the message from all of this - not to give the criminals the money and fuel cybercrime by paying these huge ransoms," he said. "It's not okay to give into ransom notes."

He said more than 100 victims had successfully used the tool to retrieve their hacked information within two hours of it being publicly released.

Cybercriminals had been using GandCrab ransomware to invade the computers of individuals, businesses, and government agencies since January this year, making it a key program in the thriving criminal industry.

The ransomware developers sell the program to criminals, who use it to break into victims' computers and demand money to unlock their files.

Its creators also take a 30 per cent cut of ransoms collected from victims, the researcher said, helping them to create more versions of the damaging software.

Research from Sophos showed almost half of all Australian businesses were targeted with ransomware last year, and the average cost of an infection was $188,000, including the ransom itself, downtime, cost to repair the network, and labour.

The Federal Government's Cyber Security Strategy report also found Australia had become the top target for ransomware in the Asia Pacific region, with ransomware reports doubling in 2016.

Ransomware victims looking to recover locked files can read information about the tool at NoMoreRansom.org or download the free decryption tool from Bitdefender (labs.bitdefender.com).

A spokesman for the security company said the new tool could unlock the first, fourth, and fifth version of GandCrab ransomware, and the company would work to defeat other versions of the malware in future.

"The release of this decryption tool is a spectacular breakthrough that highlights the effectiveness of collaboration between security vendors and law enforcement agencies," he said. "We have spent months on crypto-research and deployed considerable infrastructure to make this possible and help victims regain control of their digital lives at no cost."