No More Ransom: A global threat requires international cooperation

July 25, 2016

Kaspersky Lab, the Dutch National Police, Europol, and Intel Security are joining forces to launch a new initiative to battle ransomware worldwide. The initiative is called “No More Ransom.”

The problem of ransomware — a type of malware that locks victims’ computers or encrypts their data, demanding a ransom to restore control — has become really pressing in recent years. EU law enforcement considers it a top threat; almost two-thirds of EU Member States are conducting investigations into this form of malware attack.

Although ransomware’s target is often individual users’ devices, corporate and even government networks are affected as well.  The number of victims is growing at an alarming rate: According to Kaspersky Lab, the number of users attacked by cryptoransomware rose by 550%, from 131,000 in 2014–2015 to 718,000 in 2015–2016.

The initiative currently takes the form of a dedicated online portal, No More Ransom (http://www.nomoreransom.org), launched jointly by the participants of the initiative.

ransom1

The portal’s aim is to provide a helpful online resource for users: they can find information on what ransomware is, how it works, and how to avoid attacks. It is also aimed at provision of assistance to the victims of ransomware. No More Ransom provides them with the four malware decryption tools that are currently available. The newest of them can help in case of infection with most widespread versions of Shade.

Because of the joint effort between law enforcement organizations and private entities, the Shade command-and-control (C&C) servers were seized. More than 160,000 encryption keys were shared with Kaspersky Lab and Intel Security, and now they are available publicly at No More Ransom.

This portal also offers victims the opportunity to report a crime, directly connecting them with Europol’s national reporting mechanisms, which is an extremely important step to help authorities get a clearer overall picture and a greater capacity to mitigate the threat.

“The biggest problem with cryptoransomware today is that when users have precious data locked down, they readily pay criminals to get it back,” says Jornt van der Wiel, a security researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT). “That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together.”

More information is available at http://www.nomoreransom.org/.

You can read more about ransomware here on the Kaspersky Business blog: