Kaspersky Lab No More Ransom vs ransomware

A few days ago, anticipating the events, we announced the No More Ransom page. The site, created by Interpol, the Dutch police, the and Intel, offers a number of detection and decryption tools. You'll also find plenty of tips on how to protect your data from ransomware.

Today, Kaspersky Lab, somewhat belatedly, sent us the press release:

The Dutch Police, Europol, Intel Security and Kaspersky Lab joined forces to create the "No More Ransom" initiative, which is a new step in cooperation between law enforcement and the private sector to jointly combat ransomware.

Through a new web portal (www.nomoreransom.org), the “No More Ransom” initiative aims to inform the public about the dangers of ransomware, as well as help victims to recover their data without having to pay ransom to digital criminals.

Ransomware is a type of malware that locks the victim's computer or encrypts their data, demanding a ransom payment in order to return control of the "infected" device or the locked files. Today, ransomware is one of the top threats that law enforcement authorities in the EU are called upon to tackle.

Almost two-thirds of EU member states conduct investigations into these forms of attack. While the target is often individual user devices, corporate and even government devices are not unaffected by this situation. At the same time, the number of victims is increasing at an alarming rate. According to Kaspersky Lab data, the number of Internet users attacked by crypto-ransomware increased by 550%: from 131.000 in 2014-2015 to 718.000 in 2015-2016.

NoMoreRansom.org (No More Ransom)

The purpose of the site www.nomoreransom.org is to provide a useful resource for ransomware victims. Users can find information about the types of ransomware, how they work and, most importantly, how to protect themselves from them. Awareness plays a key role on this issue, as there are no tools to decrypt all existing types of malware. If a user's device is "infected", there is a good chance that their data will be lost forever. By using the Internet wisely and following a series of simple digital security tips, users can avoid "contamination".

The new No More Ransom initiative also provides tools that can help victims recover data that criminals have "locked". In its initial stage, the new web portal contains four decryption tools for different types of malware. The most recent was developed in June of 2016 for the Shade ransomware program.

Shade is a ransomware Trojan that first appeared at the end of 2014. The malware spreads through malicious websites and "infected" email attachments. As soon as it enters the user's system, Shade encrypts the stored files and creates a .txt file containing a ransom note and instructions from the digital criminals about what the user needs to do to get their personal files back. Shade uses powerful encryption algorithms: for each encrypted file, two random 256-bit AES keys are created. One is used to encrypt the contents of the file, while the other is used to encrypt the file name.

Since 2014, Kaspersky Lab and Intel Security have blocked over 27.000 attempts to attack through the Shade Trojan. Most cases were detected in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade's activity was also recorded in France, the Czech Republic, Italy and the USA.

Through close collaboration and exchange of information between the various partners, Shade's command-and-control server, which the criminals used to store decryption keys, was seized. These keys were provided to Kaspersky Lab and Intel Security. This helped to create a special tool, which victims can download from the No More Ransom portal to retrieve their data without paying the criminals. The tool contains more than 160.000 keys.

No More Ransom Public and Private Sector Collaboration

The new No More Ransom initiative is non-commercial in nature and aims at cooperation between public and private entities in a joint scheme. The initiative is open to cooperation with new partners, given the changing nature of ransomware programs, as digital criminals create new variants on a regular basis.

Wilbert Paulissen, Director of the National Police Directorate for Criminal Investigation of the Dutch Police, said: "We, the Dutch police authorities, cannot fight against digital crime, and ransomware in particular, on our own. This is a joint responsibility of the police, the Ministry of Justice, Europol and the IT companies, and requires a joint effort. For this reason, I am very happy about our cooperation with Intel Security and Kaspersky Lab. Together we will do everything in our power to stop criminals' money-stealing schemes and return encrypted files to their rightful owners without the latter having to pay money."

"Today, the biggest problem with crypto-ransomware programs is that users directly pay criminals to get back the "locked" data they consider valuable. This enhances illegal activities and thus, we are faced with an increase in the number of new players and the number of attacks. We can only change the situation if we coordinate our efforts to fight ransomware. The emergence of decryption tools is only the first step on this road. We expect this project to expand, and soon there will be many more companies and law enforcement authorities from other countries joining us in the fight against ransomware," said Jornt van der Wiel, Kaspersky Lab's Global Security and Research Researcher.

"No More Ransom demonstrates the value of public-private cooperation in taking serious action in the fight against digital crime," said Raj Samani, Intel Security Chief Technology Officer for EMEA. "This cooperation goes beyond sharing information, educating Internet users, and dismantling the groups behind these programs, by proceeding to actions that help effectively in repairing the damage caused to the victims. By restoring access to their systems, we provide users with confidence, showing them that they can act themselves and avoid "rewarding" the criminals by paying ransom."

Finally, Wil van Gemert, Deputy Director of Europol Operations, commented: "For a number of years, ransomware programs have been a major concern for prosecuting authorities in the EU. These malicious programs affect both citizens and businesses, on computers and portable devices, while criminals are developing increasingly sophisticated techniques to cause maximum impact on victim data. The No More Ransom initiative, like other similar programs, shows that cooperation between specialists and the joining of forces is the only way to successfully fight against digital crime. We believe that our initiative will help many people regain control of their files, while also raising awareness and informing the public about how to keep their devices "clean" from malware."

No More Ransom: Citizens must always report ransomware attacks

It is extremely important to always report ransomware attacks, as this helps law enforcement authorities build a more comprehensive and clear picture, thus enhancing their ability to neutralize threats. The No More Ransom website offers victims the ability to report a crime online through Europol's supervisory mechanism, which covers national reporting mechanisms.

If an Internet user falls victim to ransomware, it is important not to succumb to the pressure of the criminals and not to pay a ransom. Each payment strengthens the actions of digital criminals. Moreover, the ransom payment offers no guarantee that access to the encrypted data will ultimately be granted to users.


Written by giorgos
