Connect with us

Hi, what are you looking for?



Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab

100% key capture rate and successful ransomware decryption shows progress in ransomware defense capabilities.

Ransomware Decryption

NuRR is a product that claims to intercept and capture the encryption keys at the start of a ransomware’s encryption process. With the keys caught, any successful encryption can be rapidly decrypted without paying a ransom.

These claims were tested at MISI’s DreamPort facility in Columbia, MD. MISI is a non-profit organization purposed with driving discovery, education, collaboration, and innovation in cybersecurity. The DreamPort facility was created in partnership with US Cyber Command (USCYBERCOM) but is neither owned nor operated by the  government. One of the key pillars of MISI’s operation is to provide independent validation of product claims for government.

NuRR (Nubeva Ransomware Reversal) was developed by San Jose, California-based Nubeva. The technology involves a small agent operating in the  background on each endpoint. It is automatically activated by the first signs of anomalous or mass encryption. It listens to the process and captures and extracts the encryption keys. These keys can be used to decrypt any files successfully encrypted by the ransomware.

It is worth noting that NuRR is not a ransomware prevention system. Companies still require ransomware prevention; but NuRR can be considered a fail-safe solution for when prevention fails.

The claims were tested at DreamPort over a four week period. Popular ransomware variants were detonated on Windows endpoints with NuRR installed (99% of ransomware is performed on a Windows OS). Nubeva had no relationship or connection with MISI during this process.

The primary purpose of the testing was to analyze NuRR’s ability to capture ransomware cryptographic keys, and to test whether Nubeva’s decryptors could then restore the encrypted data. The ransomware variants used in this testing included Lockbit 3, Blackcat/ALPHV, CL0P, PLAY, Black Basta, Ragnar Locker, Conti, REvil, and others amounting to a high percentage of real attacks over the last year.

The results of the testing were made available in July 2023 (summary). NuRR succeeded in all 17 of MISI’s tests, with zero failures. It demonstrated 100% success in capturing keys. MISI also noted that the product is simple and secure: it is “trivial to implement and use for a junior engineer,” and “did not introduce observed system instabilities during test. NURR does not open network ports or introduce vulnerabilities into an endpoint as measured by Nmap and BitDefender Total Security.”

Advertisement. Scroll to continue reading.

The MISI report concludes, “MISI is excited about this product and believes it shows real promise. Decryption is arguably one of the fastest and lowest data-loss means to recover data from a ransomware attack and, as such, represents a new potential layer of defense. Given these testing results and the simplicity of the NuRR decryption solution, we feel NuRR represents a very real potential safety-net for organizations to consider.”

“We knew obtaining third-party validation was crucial to prove the viability of our technology for the broader audience. With this validation, we have proof to support our claims,” Steve Perkins, CMO and head of product at Nubeva told SecurityWeek. “We can help organizations. We can help people. We can decrypt ransomware.” 

Related: Can Encryption Key Intercepts Solve The Ransomware Epidemic?

Related: New Ransomware With RAT Capabilities Impersonating Sophos

Related: Recycling Giant Tomra Takes Systems Offline Following Cyberattack

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.