Nubeva, a tech company headquartered in San Jose, California, has developed a unique product, NuRR (Nubeva Ransomware Reversal), touted to capture encryption keys at the onset of a ransomware’s encryption operation. If successful, the captured keys can be used to decrypt any files encrypted by the ransomware, eliminating the need to pay a ransom.
The Maryland Innovation & Security Institute’s (MISI) DreamPort facility conducted a thorough evaluation of these claims. MISI, a non-profit aimed at advancing discovery, education, innovation, and collaboration in cybersecurity, formed the DreamPort facility in alliance with the US Cyber Command (USCYBERCOM). Although not directly governed by the government, one of MISI’s fundamental tenets is offering independent validation of product claims for governmental use.
The NuRR technology works by operating a small agent quietly in the background on each endpoint. Triggered by the earliest signs of unusual or mass encryption, it captures and extracts the encryption keys from the process.
However, NuRR is not a solution for ransomware prevention; companies still require robust prevention systems. NuRR serves as a safety net when these prevention systems fail.
MISI conducted the testing at DreamPort for a period of four weeks, during which numerous popular ransomware variants were set off on Windows endpoints where NuRR was installed. It’s important to note that during this process, Nubeva maintained no connection or relationship with MISI.
The key objective of the tests was to scrutinize NuRR’s capacity to seize ransomware cryptographic keys and verify if Nubeva’s decryptors could subsequently restore the encrypted data. The variants used for this purpose included Lockbit 3, Blackcat/ALPHV, CL0P, PLAY, Black Basta, Ragnar Locker, Conti, REvil, among others—collectively representing a significant proportion of real attacks over the past year.
The findings, published in July 2023, revealed NuRR’s remarkable performance across all 17 of MISI’s tests with no recorded failures. The product showcased a 100% success rate in key capture. In addition, MISI noted that NuRR is both secure and easy to implement, even by a junior engineer. The report further added that the product “did not introduce observed system instabilities during test. NuRR does not open network ports or introduce vulnerabilities into an endpoint as measured by Nmap and BitDefender Total Security.”
The conclusion of the MISI report noted, “MISI is excited about this product and believes it shows real promise. Decryption is arguably one of the fastest and lowest data-loss means to recover data from a ransomware attack and, as such, represents a new potential layer of defense. Given these testing results and the simplicity of the NuRR decryption solution, we feel NuRR represents a very real potential safety-net for organizations to consider.”
Steve Perkins, CMO and head of product at Nubeva, highlighted the importance of the independent validation and expressed his confidence in the product, “We knew obtaining third-party validation was crucial to prove the viability of our technology for the broader audience. With this validation, we have proof to support our claims. We can help organizations. We can help people. We can decrypt ransomware.”