A few days ago, anticipating the events we announced the No More Ransom page. The site created by Interpol, the Dutch police, Kaspersky and Intel, offers a number of detection and decryption tools. You will also find many tips on how to protect your data from ransomware.
Today, Kaspersky Lab somewhat lately sent us the press release:
The Dutch Police, Europol, Intel Security and Kaspersky Lab joined forces to create the "No More Ransom", Which is a new step between co-operating law enforcement and the private sector to jointly combat the ransomware programs.
Through a new web portal (www.nomoreransom.org), the No More Ransom initiative is aimed at informing the public about the dangers of ransomware programs and helping victims to retrieve their data without having to pay ransom to digital criminals.
Ransomware is a type of malware that locks the victim's computer or encrypts its data, requiring an ransom to allow the recovery of the "infected" device or locked files. Today, ransomware programs are one of the top threats facing law enforcement authorities in the EU.
Almost two-thirds of EU Member States are investigating these types of attacks. While the goal is often the devices of individual users, corporate or government networks are not unaffected by this situation. At the same time, the number of victims is rising at an alarming rate. According to Kaspersky Lab data, the number of crypto-ransomware attackers increased by 550%: from 131.000 in the period 2014-2015 to 718.000 in the 2015-2016 period.
NoMoreRansom.org (No More Ransom)
Purpose of the site www.nomoreransom.org is to provide a useful online resource for the victims of ransomware programs. Users can find information about the types of ransomware programs, how they work and, most importantly, how to protect them from them. The update plays a key role around this issue as there are no tools for decrypting all existing types of malware. If a user's device is "infected", there is a great chance that its data will be lost forever. Using the Internet wisely and following a series of simple digital security tips, users can avoid "contamination".
The new No More Ransom initiative also provides tools that can help victims recover data that criminals have "locked in". At an early stage, the new web portal contains four decryption tools for different types of malware. The most recent was developed in June of 2016 for the Shade ransomware program.
Shade is a Trojan ransomware that first appeared at the end of 2014. Malware is spreading through malicious Web sites and "infected" attachments of emails. As soon as he enters the user's system, Shade encrypts the stored files and creates a .txt file containing a ransom note and instructions from digital criminals about what the user needs to do to get back his personal files . Shade uses powerful decryption algorithms for each encrypted file, with two random 256-bit AES keys created. One is used to encrypt the contents of the file while the other is used to encrypt the file name.
From 2014, Kaspersky Lab and Intel Security have blocked over 27.000 attempts to attack through Trojan Shade. Most cases were detected in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade's activity was also recorded in France, the Czech Republic, Italy and the USA.
In close collaboration and exchange of information between the various partners, Shade's Command & Control Server was confiscated, which was used by criminals to store decryption keys. These keys were reported to Kaspersky Lab and Intel Security. This helped to create a special tool, which can "download" victims through the portal of the No More Ransom initiative, to retrieve their data without paying criminals. The tool contains more than 160.000 keys.
No More Ransom Public and Private Sector Collaboration
The new No More Ransom initiative is non-commercial in nature and aims at cooperation between public and private actors in a common format. The initiative is open to cooperation with new partners due to the changing nature of ransomware programs, as digital criminals regularly create new variants.
Wilbert Paulissen, Director of the National Police Directorate for Criminal Investigation of the Dutch Police, said: "We, the Dutch police authorities, can not fight against digital crime on our own - and the programs ransomware particularly. This is a joint responsibility of the police, the Ministry of Justice, Europol, the IT companies and requires a joint effort. For this reason, I am very happy about our cooperation with Intel Security and Kaspersky Lab. Together we will do our best to stop criminals' money theft systems and return the encrypted records to their legitimate owners without the latter having to pay money. "
"Today, the biggest problem with crypto-ransomware programs is that users are directly paying criminals to take back the" locked "data they consider valuable. This strengthens illegal activities, so we are faced with an increase in the number of new players and the number of attacks. We can only change the situation if we coordinate our efforts to combat ransomware programs. The appearance of decryption tools is only the first step on this road. We expect this project to expand and soon there will be many more companies and law enforcement authorities from other countries who will fight with us to fight the ransomware programs, "said Jornt van der Wiel, Kaspersky Lab's Global Security and Research Researcher.
"No More Ransom demonstrates the value of public-private co-operation to take serious action against the fight against digital crime"Said Raj Samani, Intel Security Chief Technology Officer for EMEA. "This cooperation goes beyond sharing information, educating Internet users, and dismantling the groups behind these programs, by proceeding to actions that help effectively in repairing the damage caused to the victims. By restoring access to their systems, we provide users with confidence, showing them that they can act themselves and prevent the criminals from "rewarding" by paying ransom. "
Finally, Wil van Gemert, Deputy Director of Europol Operations, commented: "For a number of years, ransomware programs have been a major concern for prosecuting authorities in the EU. These malicious programs affect both citizens and businesses against computer and portable devices while criminals are developing increasingly sophisticated techniques to cause maximum impact on victim data. The No More Ransom initiative, like other similar programs, shows that cooperation between specialists and the League of Forces is the only way to successfully fight against digital crime. We believe that our initiative will help many people regain control of their files, while also raising awareness and informing the public about how to keep their devices' clean 'from malware'.
No More Ransom: Citizens must always report the attacks ransomware
It is extremely important to always report the attacks with ransomware, as it helps the prosecution authorities to have a more comprehensive and clear picture, thus enhancing their ability to neutralize the threats. The No More Ransom initiative offers victims the opportunity to report a crime, in-line with Europol's supervisory mechanism, which covers the national reporting mechanisms.
If in any way an Internet user falls victim to ransomware, it is important not to succumb to the pressure of the criminals and to pay a ransom. Each payment strengthens the actions of digital criminals. Moreover, the ransom payment offers no guarantee that access to the encrypted data will ultimately be granted to users.