Strength in Numbers: IT Security and European Law Enforcement Launch No More Ransom

By Kaspersky Lab Ransomware has been growing as a popular method employed by cybercriminals to obtain money. A type of malware, ransomware is deployed on a user’s networks...

By Kaspersky Lab

Ransomware has been growing as a popular method employed by cybercriminals to obtain money. A type of malware, ransomware is deployed on a user’s networks to encrypt data or lock a device with the key being made available by the attackers for the cost of a ransom. The EU has deemed this a significant threat with two thirds of EU member states currently investigating high proportions of this form of attack within their own countries.

The rate of increase is alarming and research from Kaspersky Labs Data Security experts shows the number of users who fell victim to such an attack rose from 131,000 to 718,000 in 2015-2016; that’s a shocking increase of 550%!

Whilst victims tend to be individuals, public and private networks are also being targeted with a good deal of success.

In response to the increase in the number of attacks, Europol and the Dutch National Place has teamed up with Kaspersky Labs and Intel Security to launch NoMoreRansom.org. The two data security companies are all too familiar with the rise of ransomware in Europe with Germany, Austria, Russia, Ukraine and Kazakhstan receiving the most significant amount of threats from the effective Shade Trojan.

A public solution to secure privacy

The website is aimed at providing a public resource for educating users and providing tools for the victims of ransomware. With information on the dangers of ransomware and how to protect yourself from attack to tools designed to help identify and decrypt the malware that you have been infected with the site is an important and useful step in the fight against crypto-ransomware attacks.

The principles of safe internet use are drilled home with the dangers of such malware infections being stripped bare; if you get an infection then the chances of your data being recoverable is very low. Visitors are given explicit advice on how to safe online including keeping an active and up-to-date cyber defence solution in place, exercising caution with suspicious websites and never opening attachments from unsolicited (or unexpected) emails.

Avoiding infection is obviously the preferred method of defence but victims of an attack can’t access decryption tools and keys to help recover their data and/or control of their device(s).

The latest development of the portal contains a decryption tool for the Shade variant of this common but disruptive malware.

Discovered in 2014, Shade is propagated via infected emails and malicious websites that downloads itself to a device and encrypts every file. The only file which can be launched is a .txt file which is a ransom note containing instructions about how to regain access. The Shade Trojan uses random 256-bit AES keys to encrypt the file’s name and contents in order to prevent detection.

However, thanks to NoMoreRansom.org the key to retrieving your data under encryption from the Shade Trojan can be downloaded for free.

Strength in numbers

The collaborative power of these four organisations has created a central focus point for sharing information relating to ransomware that will prove immensely useful to the general public as well as private and government organisations. In fact, the key to the portal remaining useful is in the strength of the numbers of victims who share their experiences.

At present the portal offers over 160,000 keys to help retrieve data but, as we know, the landscape of cybercrime evolves at an alarming rate so cooperation is at the heart of this initiative to help the tool remain current and effective.

A non-commercial venture, NoMoreRansom.org, has made a public plea for help. Jornt ven der Wiel, Security Researcher at Kaspersky Labs:

“The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back. That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together”

It is hoped that the scheme will be an effective method for choking the supply of ill-gotten rewards to cybercriminals and empower individuals to regain control of their systems and data without penalty.  In addition, the initiative should also act as an effective tool to educate users about the risks of ransomware and help keep them safe from attacks.

How you can get involved

Even if you haven’t been a victim of a Trojan attack involving ransomware the site is an incredibly useful tool to help educate you and members of your family or organisation. The prevention advice may be familiar to you but is specific to variants you may not be. If you are a victim of data encryption then you can access the online tools to help identify the virus and recover your files without paying a ransom. And, importantly, there is a means by which you can report the crime. Only by reporting these incidences can the authorities understand the scale of the problem, monitor the success of the scheme and ensure that NoMoreRansom receives the funding to continue this important work.

Lastly, never attempt to pay a ransom for your files to be decrypted as doing so does not guarantee a satisfactory outcome.

In this article

Join the Conversation