A few days ago, anticipating the events we announced the No More Ransom page. The site created by Interpol, the Dutch police, Kaspersky and Intel, offers a number of detection and decryption tools. You will also find many tips on how to protect your data from ransomware.
Today, Kaspersky Lab somewhat lately sent us the press release:
The Dutch Police, Europol, Intel Security and Kaspersky Lab joined forces to create the "No More Ransom", Which is a new step between co-operating law enforcement and the private sector to jointly combat the ransomware programs.
Through a new web portal (www.nomoreransom.org), the No More Ransom initiative is aimed at informing the public about the dangers of ransomware programs and helping victims to retrieve their data without having to pay ransom to digital criminals.
Ransomware is a type of malware that locks the victim's computer or encrypts its data, demanding a ransom be paid to allow it to regain control of the "infected" devices or locked files. Today, ransomware is one of the top threats that law enforcement in the EU has to deal with.
Almost two-thirds of EU Member States are investigating these types of attacks. While the goal is often the devices of individual users, corporate or government networks are not unaffected by this situation. At the same time, the number of victims is rising at an alarming rate. According to Kaspersky Lab data, the number of crypto-ransomware attackers increased by 550%: from 131.000 in the period 2014-2015 to 718.000 in the 2015-2016 period.
NoMoreRansom.org (No More Ransom)
Purpose of the site www.nomoreransom.org is to provide a useful online resource for the victims of ransomware programs. Users can find information about the types of ransomware programs, how they work and, most importantly, how to protect them from them. The update plays a key role around this issue as there are no tools for decrypting all existing types of malware. If a user's device is "infected", there is a great chance that its data will be lost forever. Using the Internet wisely and following a series of simple digital security tips, users can avoid "contamination".
The new No More Ransom initiative also provides tools that can help victims recover data that criminals have "locked in". At an early stage, the new web portal contains four decryption tools for different types of malware. The most recent was developed in June of 2016 for the Shade ransomware program.
Shade is a ransomware Trojan που πρωτοεμφανίστηκε στα τέλη του 2014. Το κακόβουλο λογισμικό διαδίδεται μέσω κακόβουλων ιστοσελίδων και «μολυσμένων» συνημμένων αρχείων ηλεκτρονικού ταχυδρομείου. Μόλις εισέλθει στο σύστημα του χρήστη, το Shade κρυπτογραφεί τα αποθηκευμένα αρχεία και δημιουργεί ένα αρχείο .txt, το οποίο περιέχει ένα σημείωμα για λύτρα και οδηγίες από τους ψηφιακούς εγκληματίες για το τι πρέπει να κάνει ο χρήστης, ώστε να πάρει πίσω τα προσωπικά του αρχεία. Το Shade χρησιμοποιεί ισχυρούς αλγόριθμους αποκρυπτογράφησης για κάθε κρυπτογραφημένο αρχείο, με δύο τυχαία 256-bit AES κλειδιά να δημιουργούνται. Το ένα χρησιμοποιείται για την κρυπτογράφηση του περιεχόμενου του αρχείου, ενώ το άλλο χρησιμοποιείται για να κρυπτογραφήσει το name of the file.
From 2014, Kaspersky Lab and Intel Security have blocked over 27.000 attempts to attack through Trojan Shade. Most cases were detected in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade's activity was also recorded in France, the Czech Republic, Italy and the USA.
With the close cooperation and sharing of information between the various partners, Command & Control Shade's server, which was used by criminals to store decryption keys. These keys were shared with Kaspersky Lab and Intel Security. This helped create a special tool that victims can 'download' through the No More Ransom portal to recover their data without paying the criminals. The tool contains more than 160.000 keys.
No More Ransom Public and Private Sector Collaboration
The new No More Ransom initiative is non-commercial in nature and aims at cooperation between public and private actors in a common format. The initiative is open to cooperation with new partners due to the changing nature of ransomware programs, as digital criminals regularly create new variants.
Wilbert Paulissen, Director of the National Police Directorate for Criminal Investigation of the Dutch Police, said: "We, the Dutch police authorities, can not fight against digital crime on our own - and the programs ransomware particularly. This is a joint responsibility of the police, the Ministry of Justice, Europol, the IT companies and requires a joint effort. For this reason, I am very happy about our cooperation with Intel Security and Kaspersky Lab. Together we will do everything in our power to stop criminals' money-stealing schemes and return encrypted files to their rightful owners without the latter having to pay money."
"Today, the biggest problem with crypto-ransomware programs is that users are directly paying criminals to take back the" locked "data they consider valuable. This strengthens illegal activities, so we are faced with an increase in the number of new players and the number of attacks. We can only change the situation if we coordinate our efforts to combat ransomware programs. The appearance of decryption tools is only the first step on this road. We expect this project to expand and soon there will be many more companies and law enforcement authorities from other countries who will fight with us to fight the ransomware programs, "said Jornt van der Wiel, Kaspersky Lab's Global Security and Research Researcher.
"No More Ransom demonstrates the value of public-private co-operation to take serious action against the fight against digital crime"Said Raj Samani, Intel Security Chief Technology Officer for EMEA. "This cooperation goes beyond sharing information, educating Internet users, and dismantling the groups behind these programs, by proceeding to actions that help effectively in repairing the damage caused to the victims. By restoring access to their systems, we provide users with confidence, showing them that they can act themselves and prevent the criminals from "rewarding" by paying ransom. "
Finally, Wil van Gemert, Deputy Director of Europol Operations, commented: "For a number of years, ransomware programs have been a major concern for prosecuting authorities in the EU. These malicious programs affect both citizens and businesses against computer and portable devices while criminals are developing increasingly sophisticated techniques to cause maximum impact on victim data. The No More Ransom initiative, like other similar programs, shows that cooperation between specialists and the League of Forces is the only way to successfully fight against digital crime. We believe that our initiative will help many people regain control of their files, while also raising awareness and informing the public about how to keep their devices' clean 'from malware'.
No More Ransom: Citizens must always report the attacks ransomware
It is extremely important to always report the attacks with ransomware, as it helps the prosecution authorities to have a more comprehensive and clear picture, thus enhancing their ability to neutralize the threats. The No More Ransom initiative offers victims the opportunity to report a crime, in-line with Europol's supervisory mechanism, which covers the national reporting mechanisms.
If in any way an Internet user falls victim to ransomware, it is important not to succumb to the pressure of the criminals and to pay a ransom. Each payment strengthens the actions of digital criminals. Moreover, the ransom payment offers no guarantee that access to the encrypted data will ultimately be granted to users.
