The variety of malware on the Internet is ever-growing. One such variant of malware is ransomware, sometimes also known as crypto-ransomware, which attempts to encrypt important files on a user's computing system and then hold the encrypted files for ransom. If the user does not pay the ransom, the important files remain encrypted and may be impossible for the user to access. Unfortunately, the encryption of important files may result in data loss and/or may compromise functionality on the computing system. Breaking the encryption without paying the ransom may be incredibly difficult due to the strength of the encryption algorithms used by the ransomware and the exponential computation requirements required to break modern encryption algorithms, making key recover mathematically infeasible.
Traditional security systems for detecting other types of malware, such as anti-virus applications, often fail to detect ransomware because attackers frequently update their tools to evade such security systems. In many cases, traditional systems may not determine that an application is ransomware until the user's files have already been encrypted. Even if the ransomware is removed, the damage is done and the files remain encrypted. In some cases, ransomware may even encrypt backup files, making it very difficult for a user to recover lost data. The instant disclosure, therefore, identifies and addresses a need for systems and methods for recovering encrypted information.