The “No More Ransom” Initiative
As the threat of ransomware is escalating quickly and isn’t dying anytime soon, it is upon organizations to join forces and to combat the malware as best as they can. In some of the recent studies, Google concluded that “ransomware is here to stay”. The way to fight those threats for an individual is keeping systems up-to-date and security patches applied, so it will offer protection from the majority of ransomware strains. But on the other hand, it is noted that some pay ransom, estimated to be up to $25 million over only two years – and that’s what is keeping ransomware alive. Victims range from individuals to large corporations, are most of them are requested to pay their ransom in bitcoins, making the funds – and the criminals – highly difficult to track.
The project called NoMoreRansom.org is a joint initiative of the National High Tech Crime Unit of the Netherlands’ Police, Europol’s European Cybercrime Centar and two big cybersecurity companies – Kaspersky Lab and Intel Security.
It is often advised that if you are ever subject to a ransomware attack, you should not pay the ransom because then you will lack any security of regaining access to your data and it will fund criminals involved in these schemes.
However, NoMoreRansom.org is working to make free decryption tools that are available for a number of this ransomware. This initiative also emphasized ransomware prevention via many methods, including education about the need for back-ups and antivirus software. The group also noted that it has successfully taken down the malicious infrastructure used by the gang behind the Shade ransomware, which made free decryption for 160,000 victims.
The NoMoreRansom site offers four decryption tools that decrypt a range of ransomware variants, including CoinVault, Cryptokluchen, Rannoh, and TeslaCrypt. Furthermore, it includes a new decryptor called ShadeDecryptor for Shade malware.
The site offers ransomware victims to upload samples of encrypted files and it will scan it to see if the ransomware variant can be decrypted via the available tools. There is also a way for the victims in Europe and the United States to report infections to authorities to help them to trace ransomware crooks. Since it is a noncommercial effort any other public or private organizations are welcome to join.
The reason why many criminals turned to ransomware is that the ransom demands are payable only in bitcoin so it makes the money that flows very though for the authorities to trace. For example, Shade first appeared in late 2014, but it soon became of the three most widespread crypto-locking programs that targeted primarily Russia, Ukraine, and Germany, but also there were victims in the United State and France. The ransom variations were between $590 and $395 if you negotiated.
The site has celebrated the third anniversary rolling out a few new statistics, saying that it has helped more than 200,000 people to recover files after an attack occurred. It is noted that it has registered 3 million visitors from 188 countries and stopped about $108 million in ransom demands. For example, the joined forces helped to save roughly $50 million in ransom payments against GandCab, which is considered to be one of the most aggressive ransomware attacks throughout the previous year.
What helps with the site is that it is available in 35 languages and is powered by the contributions of 150 partners.
One of the reasons that victims are still suffering from the ransomware attacks is that they are often willing to pay their attackers in order to regain control of their files and computer systems. Due to the lack of public awareness, ransomware attacks continue to happen frequently. In June alone, two cities in Florida – Riviera Beach and Lake City – agreed to make Bitcoin ransom payments which were worthy almost $600,000 and $460,000 respectively. Surely, every time a victim pays hundreds of thousands of dollars to a cybercriminal, the payment reinforces the faith of the criminals in their business model. In order to stop this practice, the victims must stop paying these ransoms. Ransomware should be made unprofitable in order for it to stop affecting the organizations and people.
Paying the ransom may be sometimes advised by the forces of law, but it does not guarantee that the victims will get back their files and furthermore may serve as the fund of other criminal activities. F.B.I often advises using preventive measures, as patching software and backing up data. Those of the affected who do not have offline backups also have options. NoMoreRansom provides more than 100 decryption tools that are available on the site. As the victim may not know whether they have been infected by the Marlboro or Pylocy or the Popcorn – they just need to upload the encrypted files that were created by ransomware and NoMoreRansom will let them know if it has any tools that can help.
What’s left for this fantastic organization is to join forces with F.B.I which has been reluctant in doing so, but maybe they have finally changed the opinion, in order to create all around the world the trustworthy resources that can promote stopping the ransomware and cutting the cybercriminals’ profits.
Source: Official website