The Dutch National Police, Europol, Intel Security and Kaspersky Lab have launched an online portal aimed at informing the public about ransomware. Known as No More Ransom, the portal will also help victims recover their data without having to pay ransom to the cybercriminals.
Ransomware is a type of malware that locks the victims’ computer or encrypts their data, demanding them to pay a ransom in order to regain control over the affected device or files. The malware is a top threat for EU law enforcement: almost two-thirds of EU Member States are conducting investigations into this form of malware attack. While the target is often individual users’ devices, corporate and even government networks are affected as well.
The aim of the online portal www.nomoreransom.org is to provide a helpful online resource for victims of ransomware. Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves. Awareness is key as there are no decryption tools for all existing types of malware available to this day. If you are infected, the chances are high that the data will be lost forever. Exercising a conscious internet use following a set of simple cyber security tips can help avoid the infection in the first place.
The project provides users with tools that may help them recover their data once it has been locked by criminals. In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant.
Shade is a ransomware-type Trojan that emerged in late 2014. The malware is spread via malicious websites and infected email attachments. After getting into the user’s system, Shade encrypts files stored on the machine and creates a .txt file containing the ransom note and instructions from cybercriminals on what to do to get user’s personal files back. Shade use strong decryption algorithm for each encrypted file, with two random 256-bit AES keys generated: one is used to encrypt the file’s contents, while the other is used to encrypt the file name.
“We, the Dutch police, cannot fight against cybercrime and ransomware in particular, alone. This is a joint responsibility of the police, the justice department, Europol, and ICT companies, and requires a joint effort. This is why I am very happy about the police’s collaboration with Intel Security and Kaspersky Lab. Together we will do everything in our power to disturb criminals’ money making schemes and return files to their rightful owners without the latter having to pay loads of money.” Wilbert Paulissen, Director of the National Criminal Investigation Division of National Police of the Netherlands said.
Public – private cooperation
The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella. Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.
“The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back. That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together”, Jornt van der Wiel, Security Researcher at Global Research and Analysis Team, Kaspersky Lab said.
According to Kaspersky Lab, the number of users attacked by crypto-ransomware rose by 550%, from 131 000 in 2014-2015 to 718 000 in 2015-2016. This new step in the cooperation between law enforcement and the private sector to fight the threat together.