Q: What’s worse than having your systems encrypted by ransomware?
A: Discovering hackers used two different strains of ransomware, meaning your data is double-encrypted.
Yes, this nightmare is out there, according to a recent Wired article. The article cites cases where a combination of REvil and Netwalker malware, and a combination of MedusaLocker and GlobalImposter ransomware, locked up systems.
Hackers either layered the encryption on top of the files, so data was encrypted twice, or used ransomware A to encrypt some files and ransomware B to encrypt others.
In both scenarios, victims had to get two decryption keys.
You may have read that Colonial Pipeline paid a ransom. But the decryption tool turned out to be so slow the company reverted to restoring via backup files.
In other cases, decryption keys bring a high risk of data corruption. They crash, requiring recovery to start over or manual inputs to continue the process. All of this adds to extended recovery cost and downtime.
The best solution: Maintain robust backups, including keeping an offline copy that can’t be encrypted. When we say robust, we mean backups that are tested and capable of restoring operations to near current state.
Paying a ransom leads to many negative results – including decryption keys that may not work. Plan ahead – and be prepared.
Need help? Give us a call.