Hi all.
I was just browsing ransomware topics and happened across a SymantecTV short video, which somewhat explains ransomware as to a child, but at the end it rather weakly indicates that you can clean ransomware with the likes of power eraser. Obviously these videos are made by the marketing people so there's no point in believing any of it without verification but from a technical standpoint does anybody here know if it has ever proven effective? Given that removing the encryptor engine means you have no facility to decrypt the files, removing it really accomlishes nothing anyway I would think. Unless you powered off the moment it began encryption so most files are still intact. Even then you have to hope there is no way for that stuff to come back.
And for the life of me, I don't know why, but every security vendor keeps saying "don't pay the ransom". Just a minor rant here, but I doubt that will deter cybercriminals from the most lucrativec gold rush that ever existed in the cyber domain. The intelligent ones likely realize that having high unlock rates means the market will not dry up and I might also point out that since the bad guys are always a step ahead, guess what happens if enough people take that advice? The baddies will be prompted to evolve the game further and more quickly. For example and if this doesn't exist I'm sure it will soon either way, with encrypting ransomware not only do your files get encrypted, but pehraps they'll threaten to share your stuff online with the world too. Or maybe a thing where you pay once for decryption, and a second fee for non-sharing. It's a natural evolution that is only limited by the imagination but it isn't likely to be prompted unless current methods start to become less effective. And I don't mean antivirus detection rates, I mean if ransomware victims begin to just say no, the bad guys will have to find new ways for victims to have to say yes. I would think we'd want to keep the enemy contained within known parameters and try to avoid causing them to feel they must innovate on the victim coercion front.
I am very much hoping that this advice is based off of something more solid than a half-hearted hope that if we all just say no that somehow cybercriminals will throw their hands up in defeat and take up golf or musical instruments.
Anyway, rants aside, I'm just wondeirng if anybody has observed or heard of Power Eraser doing anyting succesful with ransomware. And another thought or question: does Symantec have a specific incident response team for ransom-locked customers or is it just the standard support process?
Thank you.