Serious players in the ransomware scene don’t use malware for which decryption tools are publicly available, however. At this point, incident response consultants may be able to determine how the actor was able to gain access to the victim organization’s infrastructure but that is heavily dependent upon factors like the actor’s “dwell time”