In several instances, researchers have managed to reverse enough ransomware malware code to identify a way of decrypting the victim’s files, without having to pay any ransom. The website nomoreransom.org guides victims of ransomware attacks to a variety of existing free decryptors after identifying the particular strain of ransomware at play. Several security vendors have provided similar capabilities when the community has been lucky enough to find flaws in the malware or its execution.

The malware authors are very much aware of this issue. If victims can decrypt their files without the need for a key only the cyber criminal holds, the entire campaign is worthless. They will henceforth do everything in their power to avoid this happening.

One way cyber criminals have made ransomware more robust is by employing stronger encryption algorithms with longer keys. This technique is very successful but more difficult to pull off as great expertise in cryptography is required. We have seen in the past a ransomware developer seeking help from security researchers to fix their bugs.