Public, Private Sector Team to Fight Ransomware

Security firms and law enforcement launch No More Ransom, a web-based effort dedicated to ransomware awareness and decryption tools.

Knowing where to turn for help when victimized by ransomware isn’t always clear. Should you pay the ransom? Are there alternatives to getting your precious data back? Who can you turn to for help?

In an effort to answer those questions and help victims retrieve data encrypted by ransomware a unique public and private sector initiative launched this week called No More Ransom. The project has the backing of Kaspersky Lab, Intel Security and the Dutch National Police, and Europol. The goal is simple: outsmart the ransomware crooks and put them out of business.

No More Ransom offers consumers and business not just sound advice on how to avoid becoming a victim of ransomware, but offers decryption keys that allow victims of ransomware to unlock their files and avoid having to pay the bad guy a hefty ransom.

“The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back. That boosts the underground economy,” said Jornt van der Wiel, security researcher at Global Research and Analysis Team, Kaspersky Lab.

No More Ransom backers say fighting ransomware requires transcending borders and a public and private partnership where the industry can offer solutions as a public service. The cooperative effort is in response to a massive uptick in crypto-ransomware victims that rose 550 percent between 2014 and 2015 (from 131,000 to 728,000), according to Kaspersky Lab data.

“We, the Dutch police, cannot fight against cybercrime and ransomware in particular, alone. This is a joint responsibility of the police, the justice department, Europol, and ICT companies, and requires a joint effort,” said Wilbert Paulissen, director of the National Criminal Investigation Division of National Police of the Netherlands.

The initiative offers four decryptors that can snuff out the threat of nearly two dozen ransomware variants, from CryptXXX to Shade to CoinVault. The Shade decryption tool alone has 160,000 keys. The Shade decryption key, an important asset in the No More Ransom arsenal, has already blocked 27,000 attempts to attack users with Shade Trojan. No More Ransom says more decryption keys will be added as the project matures.

Organizers say they have been working for months to launch No More Ransom and that the goal is to attract others security vendors and law enforcement agencies to help fight the scourge of ransomware across the globe. With Shade, for example, law enforcement and the private sector shared intelligence that allowed police to locate and seize Shade decryption keys stored on the cybercriminal’s command and control server.

“This initiative shows the value of public-private cooperation in taking serious action in the fight against cybercrime,” said Raj Samani, EMEA CTO for Intel Security. “This collaboration goes beyond intelligence sharing, consumer education, and takedowns to actually help repair the damage inflicted upon victims.”

In Europe ransomware has become a top concern for EU law enforcement trying to protect consumers, business and government, said Deputy Director of Europol, Operations, Wil van Gemert. No More Ransom hopes to pool the best resources together in an effort to stay one step ahead of ransomware criminals, he said.

“Initiatives like the No More Ransom project shows that linking expertise and joining forces is the way to go in the successful fight against cybercrime,” Gemert said.

Suggested articles