Kaspersky-backed No More Ransom adds partners, decryption tools; available in more languages

The global fight against ransomware continues to gather pace with over 30 new partners from both the public and private sector joining the No More Ransom project. Bitdefender, Emsisoft, Check Point and Trend Micro join the project as new associate partners.

As a result, new decryption tools have been added to nomoreransom.org, joining the eight tools already available free of charge to victims. Nearly 6,000 people have so far decrypted their files without having to pay the criminals.

The Dutch National Police, Europol, Intel Security and Kaspersky Lab joined forces in July this year to launch No More Ransom, a new step in the cooperation between law enforcement and the private sector to fight ransomware together. No More Ransom is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals.

Ransomware is a type of malware that locks the victim’s computer or encrypts their data, then demands a ransom to restore control over the affected device or files. Ransomware is a top threat for EU law enforcement: almost two-thirds of EU Member States are conducting investigations into this form of malware attack.

While the target is often individual users’ devices, corporate and even government networks are affected as well. The number of victims is growing at an alarming rate: according to Kaspersky Lab, the number of users attacked by crypto-ransomware rose by 5.5 times, from 131 000 in 2014-2015 to 718 000 in 2015-2016.

From 2014, Kaspersky Lab and Intel Security prevented more than 27 000 attempts to attack users with the Shade Trojan. Most of the infections occurred in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade activity was also registered in France, the Czech Republic, Italy, and the US.

Through cooperation and information sharing between the different parties, the Shade command and control server used by the criminals to store decryption keys was seized, and the keys were shared with Kaspersky Lab and Intel Security. That helped to create a special tool which victims can download from the No More Ransom portal to retrieve their data without paying the criminals. The tool contains more than 160 000 keys.

The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella. Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.

The new partners bring with them more decryption tools, offering new possibilities to victims of ransomware.

On the project’s web portal, people can find information on what ransomware is, how it works and, most importantly, how to protect themselves and unlock files for free using one of the decryption tools.

Ransomware is a global epidemic, affecting people all over the world. To better reflect this, the online portal is now available not only in English, but also in Dutch, Russian, French, Italian and Portuguese, with more languages to be added soon.

The aim of the online portal is to provide a helpful online resource for victims of ransomware. Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves. Awareness is key, as decryption tools are not yet available for every existing type of malware. If infected, the chances are high that the data will be lost forever. Conscious internet use, guided by a set of simple cyber security tips, can help avoid the infection in the first place.

The project provides users with tools that may help them recover their data once it has been locked by criminals. In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June this year for the Shade variant.

New supporting partners are AnubisNetworks, AON, Armor, Association for Preventing and Countering Frauds (APCF), BH Consulting, CECyF (Centre Expert contre la Cybercriminalité Français), Cyberlaws.NET, Cylance Inc., DATTO, Inc., ESET, FS-ISAC (Financial Services – Information Sharing & Analysis Center), G-DATA Software AG, Heimdal Security, s21Sec, Smartfense, SWITCH, Ukrainian Interbank Payment Systems Member Association (EMA), CERT-EU (Computer Emergency Response Team for the EU institutions, agencies and bodies), IRISS CERT (Irish Reporting and Information Security Service), CIRCL.LU (Computer Incident Response Center Luxembourg), and SI-CERT (Slovenian Computer Emergency Response Team).

The Austrian, Croatian, Danish, Finnish, Maltese, Romanian, Singaporean and Slovenian police services also join as supporting partners, which brings the total number of countries involved to 22.

“Almost nobody is safe from ransomware. Our data shows that, over the last year, attacks on businesses increased three-fold, which represents a change from an attack every 2 minutes to one every 40 seconds,” said Jornt van der Wiel, Security Researcher at the Global Research and Analysis Team at Kaspersky Lab. “For individuals, the rate of increase went from every 20 seconds to every 10 seconds. This was matched by a surge in new types of ransomware. Too many people still believed they had no alternative but to pay up, even though many that paid the ransom never got their files back – including one in five businesses. And this project provides an alternative – to unlock your files without paying the ransom.”

Both the private sector and law enforcement are stepping up efforts to fight the cybercriminals who are using ransomware to deprive their victims of large amounts of money. However, awareness remains key to stopping ransomware from being successful.

Some simple protection measures can prevent a lot of harm: always have a backup system in place so a ransomware infection can’t destroy personal data forever, use robust antivirus software to protect the system from ransomware, keep all the software on the computer up to date and, since any account can be compromised, remain cautious at all times.

WWPI – Covering the best in IT since 1980