Free Anti-Ransomware Tool is Actually a Scam

A security company has warned that a free tool claiming to remove ransomware is in fact ransomware itself. Sophos has also reported that businesses that pay ransoms end up with double the financial costs of those who don't.

The company's Paul Ducklin examined a tool called "Decrypter DJVU". It's promoted as a way to undo the damage of a strain of ransomware that encrypts files, adds the extension ".djvu" to the name, and demands a payment to decrypt and restore access. (Source: sophos.com)

The tool asks users to type in a personal ID and a file extension, though it appears it doesn't take any notice of what they input. Instead it pretends to start a file scan but actually just downloads a piece of malware and encrypts file, adding a new file extension called .ZRB.

Double Encryption Disaster

The user then gets a message informing them that they need to buy a decryption tool, then asks for an email address in order to get the paid tool. There's even a cheeky offer to decrypt two files free of charge.

By this point the user is in a real bind as many of their files will have gone through two different encryption processes. That makes it extremely difficult to decrypt them, even using legitimate tools and techniques.

Meanwhile, Sophos has also released a report on ransomware across the world in which it surveyed 5,000 IT staff from businesses across 26 countries. It asked about their experiences with ransomware attacks and the resulting costs. (Source: computerweekly.com)

Paying Up Not Cost Effective

It found that on average, if a company chose to pay the ransom it would spend a total of $1.4 million, including the payment to the scammers and the staff time and costs in using the supplied decryption key (if the scammers kept their promise) to unlock and verify files.

However, those who refused to pay spent an average of $750,000 dealing with the problem. That average covers a range of responses including paying computer experts to decrypt (or attempt to decrypt) files, restoring backups, and simply taking the hit and rebuilding files and data manually.

With both household and business victims of malware then, it seems the real key is to avoid being infected in the first place, as well as keeping offline backups. If ransomware does strike, there's no guarantee that paying the ransom or finding an alternative method to decrypt the files won't make things worse.

What's Your Opinion?

What would you do if you were hit by ransomware? Would you have the backups to recover from an attack? Would you trust free tools that claimed to help?