MemCrypt has developed a framework which is capable of obtaining ransomware keys during an active attack.
Ransomware blocks access to user data by locking it with an encryption key. The victim must pay a large sum of money (the ransom) to obtain this key in order to unlock and regain access to their own data.
Existing methods for combating ransomware include data backups, end-point protection, and cyber insurance solutions. However, these methods do not enable the user to quickly recover from an attack when ransomware has succeeded in encrypting user data.
MemCrypt has developed a framework that is capable of obtaining ransomware keys during an active attack. By acquiring the key, we are able to allow a user to immediately unlock and recover any data affected by ransomware. MemCrypt is also developing a ransomware incident reporting tool which provides a standardised approach to evidence gathering. Privacy-preserving methods will be applied to enable sharing of ransomware attack data among digital investigators and stakeholders.