The Romanian cybersecurity firm Bitdefender has developed a tool for decrypting systems infected by the LockerGoga ransomware. Bitdefender has made this tool available for free to anyone who has fallen victim to this malware, along with documentation that walks users through the decryption process.
Bitdefender worked with law enforcement agencies across the globe to identify flaws in the cryptography used by the LockerGoga ransomware. However, the arrest of LockerGoga operators may have also contributed to the rapid development of a decryption tool.
There are caveats to using the decryption tool. For example, the original ransom notes left behind by LockerGoga, as well as a working internet connection, are required to decrypt a victim host. However, Bitdefender’s decryption tool does offer the very convenient benefit of being able to decrypt all encrypted hosts on a network. In addition, if a decryption process is interrupted, the tool provides backups of files that may have been corrupted by the interruption.
There is a lot of controversy within the information security community over the payment of ransoms by companies to ransomware operators. By providing tools that allow organizations to avoid paying ransom to criminal malware operators, Bitdefender strikes at the core goals of these criminal groups.
Much of the potential impact of ransomware can be mitigated by a comprehensive backup strategy. Keeping backups on multiple media, stored in different locations and on a rolling schedule, can drastically reduce the risk of ransomware and data extortion. A backup strategy that isolates remote backups from internal network segments can provide a significant barrier for ransomware operators to overcome.