{"id":25544,"date":"2022-12-19T15:15:24","date_gmt":"2022-12-19T15:15:24","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=25544"},"modified":"2022-12-20T20:01:02","modified_gmt":"2022-12-20T20:01:02","slug":"decrypt-ransomware-encrypted-files","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/","title":{"rendered":"How to Decrypt Ransomware Files \u2013 And What to Do When That Fails"},"content":{"rendered":"\n<p><p>For any organization struck by <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-protection\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a>, business leaders always ask \u201chow do we decrypt the data ASAP, so we can get back in business?\u201d The good news is that ransomware files can be decrypted:<\/p> <ul> <li>Tools (paid or free) can be obtained to decrypt ransomware.<\/li> <li>Ransomware recovery specialists can be hired to perform the decryption and system recovery<\/li> <\/ul> <p>The bad news is that decryption often doesn\u2019t work, so the best option for recovery will always be the availability of sufficient, isolated data backups and a practiced restoration process. Once the attack occurs, the organization needs to simultaneously call to summon an incident response team and block the attack from progressing further. Only then can the organization proceed with the difficult tasks of decryption and recovery.<\/p> <p><strong>Also read:<\/strong><\/p> <ul> <li><strong><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-backup-solutions-for-ransomware-protection\/\" target=\"_blank\" rel=\"noopener\">Best Backup Solutions for Ransomware Protection<\/a><\/strong><\/li> <li><strong><a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-one-company-survived-ransomware\/\" target=\"_blank\" rel=\"noopener\">How One Company Survived a Ransomware Attack Without Paying the Ransom<\/a><\/strong><\/li> <\/ul> <div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6f8e8c60b8\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6f8e8c60b8\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#How-Does-Ransomware-Encryption-Work\" title=\"How Does Ransomware Encryption Work?\">How Does Ransomware Encryption Work?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#The-Calls-to-Make-While-Blocking-the-Attack-and-Before-Attempting-Decryption\" title=\"The Calls to Make While Blocking the Attack and Before Attempting Decryption\">The Calls to Make While Blocking the Attack and Before Attempting Decryption<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#Block-the-Attacks\" title=\"Block the Attacks\">Block the Attacks<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#Ransomware-Decryption-Tool-Options\" title=\"Ransomware Decryption Tool Options\">Ransomware Decryption Tool Options<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#Ransomware-Decryption-Setting-Expectations\" title=\"Ransomware Decryption: Setting Expectations\">Ransomware Decryption: Setting Expectations<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#The-Bottom-Line-The-Best-Ransomware-Defense-is-Proactive-Not-Reactive\" title=\"The Bottom Line: The Best Ransomware Defense is Proactive, Not Reactive\">The Bottom Line: The Best Ransomware Defense is Proactive, Not Reactive<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"How-Does-Ransomware-Encryption-Work\"><\/span>How Does Ransomware Encryption Work?<span class=\"ez-toc-section-end\"><\/span><\/h2> <p>Ransomware encryption works like any other encryption, except that the keys are controlled by the ransomware gang. The encrypting software will take the bits of the file and scramble them using a cipher, or code that generates the encryptions keys. These encryption keys can also be used to decode the encryption and restore the file\u2019s usability.<\/p> <p>Some ransomwares use standard encryption or compression tools, like 7zip and Winrar, and others create their own encryption tools that might <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-intermittent-encryption\/\" target=\"_blank\" rel=\"noopener\">only encrypt part of files<\/a> to speed up the process.<\/p> <p>In either case, the encryption tool sends the randomly-generated encryption key to the ransomware gang. If the victim pays the ransom, that random key will be sent to the customer with the decryption tool to restore the files.<\/p> <h2><span class=\"ez-toc-section\" id=\"The-Calls-to-Make-While-Blocking-the-Attack-and-Before-Attempting-Decryption\"><\/span>The Calls to Make While Blocking the Attack and Before Attempting Decryption<span class=\"ez-toc-section-end\"><\/span><\/h2> <p><span style=\"font-weight: 400\">The criminal and high-tech nature of ransomware requires special handling. Calls may be required inside and outside of the organization to properly address the issues that arise from a ransomware attack and these calls need to be made early in the process because ransomware triggers special circumstances.<\/span><\/p> <p><strong>Call#1: Cybersecurity insurance provider:<\/strong> If reimbursement will be needed, immediately call the <a href=\"https:\/\/www.esecurityplanet.com\/products\/cyber-insurance-companies\/\" target=\"_blank\" rel=\"noopener\">cyber insurance company<\/a> that issued the organization\u2019s cybersecurity policy. Most insurance companies require specific incident response vendors, procedures, and reporting that must be met to meet the standards to be insured.<\/p> <p>Insured companies often will not have options. Instead, the cybersecurity insurance company will take full control, and the insured company will need to follow instructions.<\/p> <p><strong>Call#2: Call an Incident Response Team:<\/strong> Next call the incident response team recommended by the cybersecurity insurance company, a vendor, or the internal team responsible for IT security incident containment and recovery. Internal incident response teams usually handle smaller ransomware attacks, but large scale attacks will require additional resources. Typically, the fastest way to recover is to call <a href=\"https:\/\/www.esecurityplanet.com\/products\/mssp\/\" target=\"_blank\" rel=\"noopener\">an MSSP<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/networks\/best-incident-response-tools-services\/\" target=\"_blank\" rel=\"noopener\">incident response specialist<\/a>, or <strong><a href=\"https:\/\/www.esecurityplanet.com\/products\/ransomware-removal-and-recovery-services\/\" target=\"_blank\" rel=\"noopener\">ransomware recovery specialist<\/a><\/strong>.<\/p> <p><strong>Call#3: Call Stakeholders:<\/strong> <span style=\"font-weight: 400\">For significant and widespread ransomware attacks, e<\/span>xecutives, legal counsel, and law enforcement such as the local office for the FBI or police should also be on the incident response phone list for early contact.<\/p> <p><span style=\"font-weight: 400\">While law enforcement may not help directly during the attack, the FBI has helped to <\/span><a href=\"https:\/\/www.justice.gov\/opa\/pr\/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside\" target=\"_blank\" rel=\"noreferrer noopener\"><span style=\"font-weight: 400\">seize ransom payments<\/span><\/a><span style=\"font-weight: 400\"> for victims. Additionally, law enforcement can help prevent an organization from accidentally making <\/span><a href=\"https:\/\/home.treasury.gov\/system\/files\/126\/ofac_ransomware_advisory.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><span style=\"font-weight: 400\">illegal payments to entities sanctioned<\/span><\/a><span style=\"font-weight: 400\"> by the US Treasury.<\/span><\/p> <h2><span class=\"ez-toc-section\" id=\"Block-the-Attacks\"><\/span>Block the Attacks<span class=\"ez-toc-section-end\"><\/span><\/h2> <p>Whether handing off recovery to the insurance company, paid incident response professionals, or attempting recovery in-house, the next steps will generally be the same:<\/p> <ol> <li>Stop the spread of the ransomware.<\/li> <li>Eliminate attacker access.<\/li> <li>Begin work on recovery.<\/li> <\/ol> <p>Note that decryption is not a consideration until at least step three because the IT team cannot safely attempt any decryption without stopping the spread of ransomware or blocking access that attackers might use to interfere with recovery. These steps are covered in more depth in <strong><a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-recover-from-a-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">How to Recover From a Ransomware Attack<\/a><\/strong>, so for now, we\u2019ll simply presume the attackers and malware are under control.<\/p> <h2><span class=\"ez-toc-section\" id=\"Ransomware-Decryption-Tool-Options\"><\/span>Ransomware Decryption Tool Options<span class=\"ez-toc-section-end\"><\/span><\/h2> <p>Once the systems have been isolated and the ransomware removed, we can examine the encrypted files and attempt decryption. The first step is to determine the type of ransomware infecting the system which determines what types of decryption tools may be available. Decryption tools fall into the following general categories:<\/p> <ul> <li>Paid-ransom decryptor (worst choice)<\/li> <li>Free tools<\/li> <li>For-pay ransomware recovery tool (best choice)<\/li> <\/ul> <p>Each type of tool will have pros, cons, likelihood of success, and cautions.<\/p> <h3>Identifying The Infecting Ransomware Type<\/h3> <p>To know what options are available for a specific infection, the ransomware recovery team will need to inspect the encrypted files and the ransomware messages.<\/p> <p>Most ransomware attackers will be obvious and provide a ransom note that provides the ransomware strain and instructions for how to contact the ransomware group. However, recently some companies have suffered attacks from multiple ransomware gangs simultaneously, so incident recovery teams will need to check each machine separately and verify the infections.<\/p> <p>The file extensions of the encrypted files will also provide a clue. Incident response teams can use a search engine to look up the file extension and ransomware name to see what decryptors might be available. For example, files with the following extensions are signs of attack from BTCWare, which has a <a href=\"https:\/\/blog.avast.com\/avast-releases-decryptor-tool-for-btcware-ransomware\" target=\"_blank\" rel=\"noopener\">free decryptor<\/a>: btcware, cryptobyte, cryptowin, theva, onyon.<\/p> <p>Note that some ransomware attacks lock the screen of the machine, which would require a completely different method of recovery.<\/p> <h3>Paid Ransomware Decryptor<\/h3> <p>The ransomware attackers will always encourage paying the ransom to obtain their decryption tool. However law enforcement will always discourage paying ransoms and supporting criminal activity.<\/p> <p>Ultimately, each organization will need to decide for themselves the morality of paying for a ransomware decryptor. However, there are also practical reasons to be extremely cautious.<\/p> <p>First, ransomware decryptors don\u2019t always work. IT teams need to search for the reputation of the ransomware attackers to understand how likely the tool is going to work.<\/p> <p>For example:<\/p> <ul> <li>The <a href=\"https:\/\/www.enigmasoftware.com\/powerwormransomware-removal\/\" target=\"_blank\" rel=\"noopener\">Power Worm ransomware contained a bug<\/a> that failed to generate a decryption key when encrypting data \u2014 no data can be recovered.<\/li> <li>The <a href=\"https:\/\/iacc.memberclicks.net\/assets\/docs\/COVID19\/FBI%20-%20FLASH%20TLP%20Green%20-%20Indicators%20of%20Compromise%20Associated%20with%20ProLock....pdf\" target=\"_blank\" rel=\"noopener\">FBI warned that the ProLock<\/a> (AKA: ProLocker, PwndLocker) ransomware gang\u2019s decryptor might corrupt files larger than 64MB, and the decryptor averages 1 byte of integrity loss per 1KB for files larger than 100MB.<\/li> <\/ul> <p>Additionally, keep in mind that these criminal gangs do not have the best interest of their victims in mind when they create these software packages. Ransomware decryptors can potentially load other malware, drop back doors, or add new users to systems as they process the decryption.<\/p> <p>Even if the malware decryptor works, IT recovery teams will need to perform thorough scans of the systems to ensure no additional vulnerabilities were introduced to the system. To do it correctly, this process will be extremely time-consuming and possibly very expensive.<\/p> <h3>Free Decryption Tools<\/h3> <p>It is always tempting to try and solve our problems for free, but sometimes the value of the software is worth the amount we paid \u2014 or worse. When considering a free tool, it is worth investigating the reputation of the person or organization that developed the free tool and considering the reputation of the source providing information on the tool.<\/p> <p>Some tools will be generated by reputable security researchers or anti-malware companies and be promoted on reputable security news websites. Other tools might have mystery creators, so it can\u2019t be ruled out that the tool has been created by ransomware gangs or other malware creators.<\/p> <p>Even if the tool is 100% legitimate, it still may only work on certain versions of the ransomware or have other limitations. Lastly, free tools will probably have limited support available to help users with their issues.<\/p> <p>Some representative examples of free tools:<\/p> <ul> <li>The Czech antivirus and patch management software creator Avast is a large public company. Their strong reputation makes their <a href=\"https:\/\/www.avast.com\/ransomware-decryption-tools#\" target=\"_blank\" rel=\"noopener\">array of ransomware decryption tools<\/a> quite credible as potential options.<\/li> <li>Ransomware researcher Michael Gillespie creates ransomware decryption tools that are distributed for free on antivirus tool websites; he can also be found on <a href=\"https:\/\/github.com\/Demonslay335\" target=\"_blank\" rel=\"noopener\">GitHub<\/a> and <a href=\"https:\/\/twitter.com\/demonslay335\" target=\"_blank\" rel=\"noopener\">Twitter<\/a>.<\/li> <li>The <a href=\"https:\/\/www.enigmasoftware.com\/fake-ransomware-decryptor-encrypts-victim-files\/\" target=\"_blank\" rel=\"noopener\">Zorab ransomware gang released a fake STOP Djvu<\/a> ransomware decryptor that instead encrypts a victim\u2019s files with a second ransomware.<\/li> <li>The Emsisoft antimalware company offers a <a href=\"https:\/\/decrypter.emsisoft.com\/submit\/stopdjvu\/\" target=\"_blank\" rel=\"noopener\">free STOP Djvu Decryption Tool<\/a> created by Michael Gillespie; however, it notes that the decryptor requires:<br> <ul> <li>The malware to be an older version, which is unlikely to work after August 2019<\/li> <li>To generate a decryptor, the tool requires unencrypted and encrypted pairs of files larger than 150KB and of the same file type (PNG, PDF, etc.)<\/li> <\/ul> <\/li> <li>The European Union Police agency, Europol, <a href=\"https:\/\/www.nomoreransom.org\/en\/index.html\" target=\"_blank\" rel=\"noopener\">offers a repository of ransomware decryption<\/a> tools.<\/li> <\/ul> <p>It may be useful to note that company policy may prevent the use of some free tools. For example, the reputable Kaspersky anti-malware company might offer <a href=\"https:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">legitimate anti-ransomware tools<\/a> suitable for many organizations, but their Russian headquarters may cause hesitation over concerns related to the invasion of Ukraine or concerns of spyware.<\/p> <h3>For-Pay Ransomware Recovery Tool<\/h3> <p>Many companies offer software that companies can buy to recover from ransomware attacks. As with free software, the reputation of the company producing the software will be a huge consideration prior to the purchase.<\/p> <p>However, even the <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-ransomware-removal-tools\/\" target=\"_blank\" rel=\"noopener\"><strong>best ransomware removal tools<\/strong><\/a> cannot guarantee they will be able to decrypt ransomware files, and often, they work primarily as a preventative method. IT recovery teams should check with the software vendor to see if their tool can decrypt the specific ransomware used in the attack before investing in decryption tools.<\/p> <p>However, for-pay ransomware tools usually have the advantage of support personnel that can more actively help incident response teams when they encounter difficulty.<\/p> <h2><span class=\"ez-toc-section\" id=\"Ransomware-Decryption-Setting-Expectations\"><\/span>Ransomware Decryption: Setting Expectations<span class=\"ez-toc-section-end\"><\/span><\/h2> <p>When asked to perform decryption, incident recovery teams need to set expectations with company executives. Executives and incident response teams need to prepare alternative solutions during the decryption process in case the decryption is unsuccessful.<\/p> <p>In addition to expectations for recovery, incident response teams need to prepare executives for other issues that may complicate, slow, or prevent recovery of encrypted data such as: safe mode infections, hands-on recovery requirements, slow decryption, or corrupted files.<\/p> <h3>Can Ransomware-Encrypted Files Be Recovered?<\/h3> <p>The honest answer is \u201cprobably not.\u201d Many people have a poor understanding of statistics and feel that even a \u201c25% chance\u201d of recovery means that a competent person will be able to execute decryption. Unfortunately, even the most skilled incident recovery specialist may be unable to decrypt ransomware files under a broad range of circumstances.<\/p> <p>Additionally, multiple attacks are possible, so even the successful decryption of one ransomware attack might reveal files encrypted from a prior attack that now require a completely different decryption tool. Finally, decryption of local files does not solve the problem of <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-donut-leaks-extortion-gang-linked-to-recent-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener\">possible extortion related to data leaks<\/a> of exfiltrated files from the attack.<\/p> <h3>Safe-Mode Infections<\/h3> <p>To avoid malware attacks that load during a normal startup, incident response may want to start the operating system in Safe Mode. This often helps incident response teams to clean the machine safely.<\/p> <p>However, advanced ransomware attacks understand this process and may take alternative measures to maintain persistence. For example:<\/p> <ul> <li>Snatch ransomware actually <a href=\"https:\/\/news.sophos.com\/en-us\/2019\/12\/09\/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection\/\" target=\"_blank\" rel=\"noopener\">forces a reboot into Safe mode<\/a> to execute the ransomware encryption without interference from antivirus programs.<\/li> <li>While not yet seen for ransomware, other malware has been detected <a href=\"https:\/\/usa.kaspersky.com\/about\/press-releases\/2022_kaspersky-uncovers-third-known-firmware-bootkit\" target=\"_blank\" rel=\"noopener\">infecting the firmware bootkit<\/a> in the flash memory of the hardware itself. This type of infection may require a replacement of the hardware to remove.<\/li> <\/ul> <h3>Full Disconnect Recommendation<\/h3> <p>In our remote-access world, it may be tempting to attempt to recover from the ransomware attack using <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/secure-access-for-remote-workers-rdp-vpn-vdi\/\" target=\"_blank\" rel=\"noopener\">remote-access tools<\/a>. However, this also keeps the computer available for remote access for attackers.<\/p> <p>It is better to fully isolate the device from networks and the internet to ensure no access was overlooked. Of course, this also means the tech needs to physically be present to access the device, which will add costs and time to the process, but ultimately, it may be required under most circumstances.<\/p> <h3>Decryptor Purgatory<\/h3> <p>Decryption takes a long time to execute, and even the official decryption solution from the ransomware gang may not work efficiently. In two notable attacks, the victims started trying to use the ransomware gang\u2019s tool but ultimately needed to switch to an alternative because the process was so slow:<\/p> <ul> <li>The <a href=\"https:\/\/www.esecurityplanet.com\/trends\/colonial-pipeline-ransomware-attack\/\" target=\"_blank\" rel=\"noopener\">Colonial Pipeline company paid $5 million in ransom<\/a>, but the tool worked so slowly, the company had to attempt to restore data from backup anyway.<\/li> <li>The Health Services Executive (HSE) healthcare system for Ireland suffered an attack from a ransomware gang. The gang expressed regret for striking healthcare providers during the pandemic and provided a free decryptor. The decryptor worked so slowly that the HSE had to <a href=\"https:\/\/www.irishtimes.com\/news\/crime-and-law\/hse-cyberattack-new-zealand-company-offers-decryption-tool-in-response-to-attack-1.4571472\" target=\"_blank\" rel=\"noopener\">switch to a tool developed by a New Zealand anti-malware company<\/a>.<\/li> <\/ul> <p>Of course, even after investing significant time in the decryption process, a successful decryption may discover files have been corrupted in the encryption process.<\/p> <h3>Data Corruption Attacks<\/h3> <p>Researchers <a href=\"https:\/\/www.cyderes.com\/blog\/threat-advisory-exmatter-data-extortion\/\" target=\"_blank\" rel=\"noopener\">found that some ransomware creators<\/a> have developed new options for attackers to corrupt data instead of encrypting it. Encryption takes significant time and newer endpoint detection tools can send alerts on encryption activity.<\/p> <p>The new option still exfiltrates the data but then begins to copy blocks of data from the middle of exfiltrated files over other randomly selected files. File-write processes do not trigger alerts, and the exfiltration and corruption process allows the attacker to become the sole owner of the uncorrupted data.<\/p> <p>Should this option become activated, companies will lose the option for decryption and will only have the option to buy back their data from attackers or restore from backups.<\/p> <h2><span class=\"ez-toc-section\" id=\"The-Bottom-Line-The-Best-Ransomware-Defense-is-Proactive-Not-Reactive\"><\/span>The Bottom Line: The Best Ransomware Defense is Proactive, Not Reactive<span class=\"ez-toc-section-end\"><\/span><\/h2> <p>It would be irresponsible to suggest that ransomware-encrypted files can be regularly or easily decrypted. While difficult, an organization can look for potential solutions to decrypt their ransomware-affected files with professional decryption tools, freeware tools, or as a last resort, paying the ransomware gang for the decrypting software. The success rate for decryption tends to be low, but an organization can get lucky.<\/p> <p>Organizations also need to keep in mind that some sophisticated ransomware attackers pose an even larger risk than simple ransomware encryption. Incident response professionals should be deployed to ensure the attacker\u2019s access to company systems have been found and eliminated to prevent future attacks.<\/p> <p>Organizations that do not want to rely on luck need to prepare in advance for potential ransomware attacks with appropriate security tools, security monitoring, and robust backup procedures. Fortunately, there are many security tools and service providers ready and able to help prepare and minimize the impact of a successful attack.<\/p> <p><strong>Read Next- <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-protection\/\" target=\"_blank\" rel=\"noopener\">Ransomware Prevention: How to Protect Against Ransomware<\/a><\/strong><\/p><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6f8e8c437a-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6f8e8c437a\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6f8e8c437a\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6f8e8c437a\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6f8e8c437a\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6f8e8c437a\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6f8e8c437a\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>For any organization struck by ransomware, business leaders always ask \u201chow do we decrypt the data ASAP, so we can get back in business?\u201d The good news is that ransomware files can be decrypted: Tools (paid or free) can be obtained to decrypt ransomware. Ransomware recovery specialists can be hired to perform the decryption and [&hellip;]<\/p>\n","protected":false},"author":271,"featured_media":19167,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[3790,3753,860,16437,1146,3414,2478,31445,5277],"b2b_audience":[33,34,35],"b2b_industry":[],"b2b_product":[31788,403,383,389,31790,375],"class_list":["post-25544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-cybersecurity","tag-disaster-recovery","tag-encryption","tag-incident-response","tag-malware","tag-network-security","tag-ransomware","tag-ransomware-prevention","tag-web-security","b2b_audience-awareness-and-consideration","b2b_audience-evaluation-and-selection","b2b_audience-implementation-and-support","b2b_product-advanced-persistent-threats","b2b_product-cyber-terrorists-and-cyber-crime","b2b_product-encryption-data-loss-prevention","b2b_product-managed-security-services","b2b_product-ransomware","b2b_product-security-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Decrypt Files Encrypted by Ransomware<\/title>\n<meta name=\"description\" content=\"Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Decrypt Files Encrypted by Ransomware\" \/>\n<meta property=\"og:description\" content=\"Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-19T15:15:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-20T20:01:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"710\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"How to Decrypt Ransomware Files \u2013 And What to Do When That Fails\",\"datePublished\":\"2022-12-19T15:15:24+00:00\",\"dateModified\":\"2022-12-20T20:01:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\"},\"wordCount\":2439,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg\",\"keywords\":[\"cybersecurity\",\"disaster recovery\",\"encryption\",\"incident response\",\"malware\",\"network security\",\"ransomware\",\"ransomware prevention\",\"Web security\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\",\"name\":\"How to Decrypt Files Encrypted by Ransomware\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg\",\"datePublished\":\"2022-12-19T15:15:24+00:00\",\"dateModified\":\"2022-12-20T20:01:02+00:00\",\"description\":\"Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg\",\"width\":710,\"height\":400,\"caption\":\"ransomware prevention\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Decrypt Ransomware Files \u2013 And What to Do When That Fails\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Decrypt Files Encrypted by Ransomware","description":"Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/","og_locale":"en_US","og_type":"article","og_title":"How to Decrypt Files Encrypted by Ransomware","og_description":"Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/","og_site_name":"eSecurity Planet","article_published_time":"2022-12-19T15:15:24+00:00","article_modified_time":"2022-12-20T20:01:02+00:00","og_image":[{"width":710,"height":400,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg","type":"image\/jpeg"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"How to Decrypt Ransomware Files \u2013 And What to Do When That Fails","datePublished":"2022-12-19T15:15:24+00:00","dateModified":"2022-12-20T20:01:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/"},"wordCount":2439,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg","keywords":["cybersecurity","disaster recovery","encryption","incident response","malware","network security","ransomware","ransomware prevention","Web security"],"articleSection":["Networks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/","url":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/","name":"How to Decrypt Files Encrypted by Ransomware","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg","datePublished":"2022-12-19T15:15:24+00:00","dateModified":"2022-12-20T20:01:02+00:00","description":"Ransomware is malware that encrypts files on your device, making them inaccessible. Learn how to decrypt files encrypted by ransomware.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/09\/Ransomware.jpg","width":710,"height":400,"caption":"ransomware prevention"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How to Decrypt Ransomware Files \u2013 And What to Do When That Fails"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/25544"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=25544"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/25544\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/19167"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=25544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=25544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=25544"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=25544"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=25544"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=25544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}