A few days ago, anticipating the events we announced the No More Ransom page. The site created by Interpol, the Dutch police, Kaspersky and Intel, offers a number of detection and decryption tools. You will also find many tips on how to protect your data from ransomware.
Today, Kaspersky Lab somewhat lately sent us the press release:
The Dutch Police, Europol, Intel Security and Kaspersky Lab joined forces to create the "No more Ransom", Which is a new step between co-operating law enforcement and the private sector to jointly combat the ransomware programs.
Through a new web portal (www.nomoreransom.org), the No More Ransom initiative is aimed at informing the public about the dangers of ransomware programs and helping victims to retrieve their data without having to pay ransom to digital criminals.
Ransomware is a type of malware that locks the victim's computer or encrypts its data, requiring an ransom to allow the recovery of the "infected" device or locked files. Today, ransomware programs are one of the top threats facing law enforcement authorities in the EU.
Almost them two τρίτα των κρατών-μελών της ΕΕ διεξάγουν έρευνες σχετικά με αυτές τις μορφές επίθεσης. Ενώ ο στόχος είναι συχνά οι συσκευές μεμονωμένων χρηστών, τα εταιρικά ή και τα κυβερνητικά δίκτυα δεν μένουν ανεπηρέαστα από αυτή την κατάσταση. Ταυτόχρονα, ο αριθμός των θυμάτων αυξάνεται με ανησυχητικό ρυθμό. Σύμφωνα με στοιχεία της Kaspersky Lab, ο αριθμός των χρηστών του Διαδικτύου που έχουν δεχτεί επίθεση από crypto-ransomware αυξήθηκε κατά 550%: από 131.000 την περίοδο 2014-2015 σε 718.000 την περίοδο 2015-2016.
NoMoreRansom.org (No More Ransom)
Purpose of the site www.nomoreransom.org is to provide a useful online resource for ransomware victims. Users can find information about the types of ransomware, how they work, and – most importantly – how to protect themselves from them. Update plays a key role around this issue as there are no tools to decrypt all existing types of malware. If a user's device gets "infected", there is a good chance that their data will be lost forever. By using the internet wisely and following a number of simple digital safety tips, users can avoid getting 'infected'.
The new No More Ransom initiative also provides tools that can help victims recover data that criminals have "locked in". At an early stage, the new web portal contains four decryption tools for different types of malware. The most recent was developed in June of 2016 for the Shade ransomware program.
Shade is a Trojan ransomware that first appeared at the end of 2014. Malware is spreading through malicious Web sites and "infected" attachments of emails. As soon as he enters the user's system, Shade encrypts the stored files and creates a .txt file containing a ransom note and instructions from digital criminals about what the user needs to do to get back his personal files . Shade uses powerful decryption algorithms for each encrypted file, with two random 256-bit AES keys created. One is used to encrypt the contents of the file while the other is used to encrypt the file name.
Since 2014, Kaspersky Lab and Intel Security have blocked over 27.000 attempted attacks through Trojan Shade. Most cases were detected in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade activity was also recorded on France, the Czech Republic, Italy and the USA.
In close collaboration and exchange of information between the various partners, Shade's Command & Control Server was confiscated, which was used by criminals to store decryption keys. These keys were reported to Kaspersky Lab and Intel Security. This helped to create a special tool, which can "download" victims through the portal of the No More Ransom initiative, to retrieve their data without paying criminals. The tool contains more than 160.000 keys.
No More Ransom Public and Private Sector Collaboration
The new No More Ransom initiative is non-commercial in nature and aims at cooperation between public and private actors in a common format. The initiative is open to cooperation with new partners due to the changing nature of ransomware programs, as digital criminals regularly create new variants.
Wilbert Paulissen, Director of the National Police Directorate for Criminal Investigation of the Dutch Police, said: "We, the Dutch police authorities, can not fight against digital crime on our own - and the programs ransomware particularly. This is a joint responsibility of the police, the Ministry of Justice, Europol, the IT companies and requires a joint effort. For this reason, I am very happy about our cooperation with Intel Security and Kaspersky Lab. Together we will do everything in our power to stop criminals' money-stealing schemes and return encrypted files to their rightful owners without the latter having to pay money."
"Today, the biggest problem with crypto-ransomware programs is that users are directly paying criminals to take back the" locked "data they consider valuable. This strengthens illegal activities, so we are faced with an increase in the number of new players and the number of attacks. We can only change the situation if we coordinate our efforts to combat ransomware programs. The appearance of decryption tools is only the first step on this road. We expect this project to expand and soon there will be many more companies and law enforcement authorities from other countries who will fight with us to fight the ransomware programs, "said Jornt van der Wiel, Kaspersky Lab's Global Security and Research Researcher.
"No More Ransom demonstrates the value of public-private co-operation to take serious action against the fight against digital crime», δήλωσε ο Raj Samani, Chief Technology Officer της Intel Security για την περιοχή EMEA. "This cooperation goes beyond sharing information, educating Internet users, and dismantling the groups behind these programs, by proceeding to actions that help effectively in repairing the damage caused to the victims. By restoring access to their systems, we provide users with confidence, showing them that they can act themselves and prevent the criminals from "rewarding" by paying ransom. "
Finally, Wil van Gemert, Deputy Director of Europol Operations, commented: "For a number of years, ransomware programs have been a major concern for prosecuting authorities in the EU. These malicious programs affect both citizens and businesses against computer and portable devices while criminals are developing increasingly sophisticated techniques to cause maximum impact on victim data. The No More Ransom initiative, like other similar programs, shows that cooperation between specialists and the League of Forces is the only way to successfully fight against digital crime. We believe that our initiative will help many people regain control of their files, while also raising awareness and informing the public about how to keep their devices' clean 'from malware'.
No More Ransom: Citizens must always report the attacks ransomware
It is extremely important to always report the attacks with ransomware, as it helps the prosecution authorities to have a more comprehensive and clear picture, thus enhancing their ability to neutralize the threats. The No More Ransom initiative offers victims the opportunity to report a crime, in-line with Europol's supervisory mechanism, which covers the national reporting mechanisms.
If in any way an Internet user falls victim to ransomware, it is important not to succumb to the pressure of the criminals and to pay a ransom. Each payment strengthens the actions of digital criminals. Moreover, the ransom payment offers no guarantee that access to the encrypted data will ultimately be granted to users.
