Reverse Engineering Offers a Solution to Ransomware



Experts say the best way to avoid being a victim of ransomware is to prevent it with the right policies and procedures. (See Online Ransom Demands Threaten Businesses in Arkansas.)

But a breach can still happen because “there’s nothing you can do to prevent it 100 percent,” said Ted Clouser, executive vice president of PC Assistance of Little Rock. That’s why the company has certified ethical hacker Blake Townsend on its team to reverse-engineer the malware that encrypts the firm’s clients’ files and then demands a ransom.

Reverse engineering, Townsend said, is working backward on the ransomware in a contained virtual environment to see how it functions and where it’s coming from.

A decryption code may be obtained with this method. Reverse engineering can also help companies block the ransomware from infecting their systems a second time.

Reverse engineering doesn’t always work, Townsend said. For example, some versions of malware delete themselves after infecting a computer or system.

Experts fear that the increasing sophistication of ransomware may render it even more difficult to trace and combat.

In some cases, paying ransom may be the only recourse for a victim, although the FBI discourages it.

The FBI says paying ransom doesn’t guarantee files will be unlocked, emboldens cyber criminals to target more organizations and can fund other illegal activities.

Even if companies are forced to pay the ransom to continue operating, there is little else they can do moving forward aside from putting in place stronger cybersecurity policies and procedures. That’s because it’s difficult to trace the hackers, who often demand payment in the form of bitcoin, a digital currency that allows for virtual anonymity.

Many attacks go unreported, experts say. A December attack on ARcare of Augusta was reported to the FBI, Chief Information Officer Greg Wolverton said, in hopes the agency could address the issue and warn others.

The clinic was unable to find out where the attack came from, although it did discover the ransomware was created in Latvia.

Even if the criminals are found, they are often in countries without extradition treaties, or they demanded too little in ransom for law enforcement agencies to justify devoting time and resources to the case, said Aaron Gamewell, president, CEO and managing partner of SBS CyberSecurity in Madison, South Dakota.

