Re: Ransomware
Errrrr, no, because any system that allows you to decrypt a file naturally posesses the decryption key, which means you can just decrypt it yourself later as long as you have the backup. I can't think of any ransomware solution out there right now that works like this.
And backup restores don't have to be on a live system. Just restore from backup, decrypt the files using the known decryption key(s), and clean the bits from the executables. It will be tedious yes but I imagine entirely automatable with some work. At that point the entire scheme is thwarted and even after being "encrypted" no data is truly lost from that time period. Alternatively just restore from earlier backup.
You also can't tell me that major AV vendors will not have a decryption tool ready in like a day or two after the first in-the-wild samples are analyzed.
Biting the hand that feeds IT
