How to Decrypt Dropbox Files Encrypted by Ransomware

Posted on October 6th, 2016 by

Ransomware is a growing and lucrative attack in the cybercrime market. The FBI reported that known incidents of ransomware numbered nearly 2,500 in 2015, equaling approximately $1.6 million in losses by individuals and businesses. And as Intego predicted earlier this year, 2016 has become the year in which ransomware is treated with the caution it warrants. Most cybersecurity companies expect the number of victims to grow this year.

If you’re unfamiliar with how ransomware works, or how to free the files it holds hostage, read on to learn more.

Why Ransomware Is So Dangerous

Cybercriminals use ransomware to encrypt data and other digital information, such as Dropbox files, and hold them for ransom. If you pay, you will hopefully get your decrypted data back. If you don’t, the information remains locked and may eventually be sold on the black market or used for other nefarious purposes.

Many individuals and business owners choose to pay the ransom. For them, access to the data supersedes any other concerns—and they may not have the skill or money to rebuild their data management systems. They need the information to keep business operations moving, prevent lost opportunities, and mitigate reputation damage.

Elements Contributing to Ransomware’s Growth

Some of the struggle to prevent ransomware arises from how simple it is to implement. Hackers insert malicious code into anything: links, attachments, software downloads, and endpoints like Dropbox or a server. Also, when companies and businesses don’t regularly update their cybersecurity software, they are more obvious ransomware targets.

Another difficulty lies in how easy it is to hide activity. Hackers often require victims to pay in Bitcoin (as was the case with KeRanger) because it’s anonymous, fast, reliable, and somewhat difficult to trace. The Hollywood Presbyterian Medical Center, for example, paid 40 Bitcoins—equivalent to $17,000—to their attackers. To date, the criminals remain unidentified.

These factors should not cause you to despair. Rather, they should catalyze a security strategy that encompasses both prevention and recovery. If your Dropbox files have been taken hostage by a ransomware attack, use the following advice to free them.

Fighting Ransomware with Dropbox

Regularly backing up your data to an external source is critical to preventing ransomware and other types of cybercrimes. Dropbox facilitates this practice, whether you use its basic or paid versions. With the cloud-based service, you can restore your files to a date before the ransomware was inserted.

The free version of Dropbox allows you to restore files within a 30-day time period. If you need a lengthier span of time, you should invest in a Dropbox Pro, Education, or Business account. You can add the Extended Version History (EVH) subscription to the first two account types. It allows you to revert and recover files up to a year after they were last edited.

A Dropbox Business account offers unlimited version history. Any files within your account can be restored to any date prior to the ransomware.

How to Restore an Individual Dropbox File

If a hacker captures an individual file, there are a few steps you should take.

  1. Track the file activity by visiting its version history. This is a record of which user accounts and computers last accessed the file.
  2. Find and identify the unknown computer as it is likely the one spawning the ransomware.
  3. Revert to a file version which was edited by a computer you know.
  4. Unlink your computer and connected devices from Dropbox and scan them for viruses.
  5. Reconnect your computer and devices to your account.
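
Steps 1 to 3 can be worked through systematically when several files are involved. The following is an added example, not part of the original article and not Dropbox's own tooling: it takes version-history records you have noted down by hand and picks, for each file, the last version saved by a known device before any unknown device touched it. The record layout, device names, and revision IDs are constructed for illustration and do not reflect a Dropbox export or API format.

```python
from datetime import datetime

# Constructed sample data: path -> list of (rev_id, ISO timestamp, device).
# Hypothetical layout, transcribed by hand from each file's version history.
HISTORY = {
    "/taxes/2015.xlsx": [
        ("r1", "2016-09-01T10:00:00", "office-imac"),
        ("r2", "2016-09-20T09:30:00", "office-imac"),
        ("r3", "2016-10-02T03:14:00", "DESKTOP-UNKNOWN"),
    ],
    "/photos/trip.jpg": [("r1", "2016-08-11T18:00:00", "family-iphone")],
    "/notes/new.txt": [("r1", "2016-10-02T03:15:00", "DESKTOP-UNKNOWN")],
    # A known device synced again after the unknown one: r3 is built on
    # the tampered r2, so it must not be chosen as the restore point.
    "/work/plan.docx": [
        ("r3", "2016-10-02T08:00:00", "office-imac"),
        ("r1", "2016-09-15T12:00:00", "office-imac"),
        ("r2", "2016-10-02T03:16:00", "DESKTOP-UNKNOWN"),
    ],
}
KNOWN_DEVICES = {"office-imac", "family-iphone"}


def pick_restore_revision(revisions, known_devices):
    """Return (status, rev_id) for one file's version history."""
    ordered = sorted(revisions, key=lambda r: datetime.fromisoformat(r[1]))
    first_unknown = next(
        (i for i, r in enumerate(ordered) if r[2] not in known_devices), None
    )
    if first_unknown is None:
        return ("clean", None)               # no unknown device ever edited it
    if first_unknown == 0:
        return ("no-trusted-version", None)  # nothing to revert to
    # Everything before the first unknown edit came from a known device.
    return ("restore", ordered[first_unknown - 1][0])


def plan(history, known_devices):
    """Map each path to its restore decision."""
    return {p: pick_restore_revision(r, known_devices) for p, r in history.items()}


def unknown_devices(history, known_devices):
    """Devices seen in any history that are not on the known list (step 2)."""
    seen = {dev for revs in history.values() for _, _, dev in revs}
    return sorted(seen - set(known_devices))


if __name__ == "__main__":
    print("Unknown devices:", unknown_devices(HISTORY, KNOWN_DEVICES))
    for path, decision in plan(HISTORY, KNOWN_DEVICES).items():
        print(path, decision)
```

Files reported as "no-trusted-version" have no earlier version from a known device, so reverting cannot recover them.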

How to Recover Multiple Dropbox Files

Most hackers want as much data as they can get, so they focus on capturing multiple files at once. If that happens with your Dropbox account, you need to submit “deletion events” to Dropbox Support.

  1. Click on “events” in the left sidebar of your online Dropbox account.
  2. Copy the link for the event that needs to be undone and submit it to Dropbox Support using the following path: File recovery > Undo a large number of changes to files and folders > Undo a large number of changes.
  3. You need to include written permission for the changes in your message to Support. Once Support receives your request, they will undo the event and any actions that follow it.
  4. Unlink your computer and connected devices from Dropbox and scan them for viruses.
  5. Reconnect your computer and devices to your account.

Infected files have to be submitted individually to Dropbox Support, which can be problematic if the attacker has infiltrated your entire account. If that’s the case, you can ask Dropbox Support to revert your account to a specific date. Be absolutely certain you want the support team to perform the action; it can’t be undone.

How to Restore Shared Dropbox Folders

Compromised shared folders behave somewhat differently from multiple files. While the process to restore them is the same, there are two prerequisites.

  1. The folders must be active in your account.
  2. You must be the owner or editor of the folders to grant permission to Dropbox Support to take action.

Once your shared folders have been restored, follow steps four and five above to unlink, scan, and reconnect your computer and devices to your Dropbox account.

How to Regain Renamed Dropbox Files

Ransomware attacks like Locky and Cerber will change your files’ names. If this happens, you have a couple of options.

  1. You can restore earlier versions by clicking “deleted files” in the left sidebar or horizontal menu of your online Dropbox account. Click “restore” next to the correct file names, and delete the ransomware-renamed files.
  2. If a large number of files have been taken hostage and renamed, you should work with Dropbox Support by following the steps to recover multiple Dropbox files. Restoring multiple files can eat up a lot of time. Dropbox Support will lessen the time, energy, and effort.

As with reverting files and shared folders, you should disconnect your computer and connected devices from your Dropbox account and run a virus scan. Reconnect them when the scan produces a clean bill of health.

Ransomware is on the rise, but you can fight it with security best practices. Back up data regularly in Dropbox, and then implement a recovery plan for files and folders that get infected. Finally, make sure to emphasize online safety practices, especially if you have kids. A good defense is often the best offense you’ll have against ransomware and other malicious programs.

About Sarah Brown

Sarah Brown is a tech specialist with a love of all topics relating to the IoT. She writes about upcoming technologies, internet safety, and cyber security. Sarah believes that through technology and the written word, we can all stay connected to each other and create a safe environment out in the ether.
