A few days ago, anticipating the events we announced the No More Ransom page. The site created by Interpol, την ολλανδική αστυνομία, την Kaspersky και την Intel, προσφέρει μια σειρά από εργαλεία ανίχνευσης και αποκρυπτογράφησης. Θα βρείτε επίσης και πολλές συμβουλές για το πώς να προστατεύσετε τα δεδομένα σας από τα ransοmware.
Today, Kaspersky Lab somewhat lately sent us the press release:
The Dutch Police, Europol, Intel Security and Kaspersky Lab joined forces to create the "No More Ransom", Which is a new step between co-operating law enforcement and the private sector to jointly combat the ransomware programs.
Through a new web portal (www.nomoreransom.org), the “No More Ransom” initiative aims to inform the public about the dangers of ransomware, as well as help victims recover their data them, without having to pay ransom to digital criminals.
Ransomware is a type of malware that locks the victim's computer or encrypts its data, requiring an ransom to allow the recovery of the "infected" device or locked files. Today, ransomware programs are one of the top threats facing law enforcement authorities in the EU.
Almost two-thirds of EU Member States are investigating these types of attacks. While the goal is often the devices of individual users, corporate or government networks are not unaffected by this situation. At the same time, the number of victims is rising at an alarming rate. According to Kaspersky Lab data, the number of crypto-ransomware attackers increased by 550%: from 131.000 in the period 2014-2015 to 718.000 in the 2015-2016 period.
NoMoreRansom.org (No More Ransom)
Purpose of the site www.nomoreransom.org is to provide a useful online πόρο για τα θύματα των προγραμμάτων ransomware. Οι χρήστες μπορούν να βρουν πληροφορίες για τα είδη των προγραμμάτων ransomware, πώς λειτουργούν και – το σημαντικότερο – πώς να προστατευτούν από αυτά. Η ενημέρωση παίζει ρόλο-κλειδί γύρω από αυτό το ζήτημα, καθώς δεν υπάρχουν εργαλεία για την αποκρυπτογράφηση όλων των υφιστάμενων τύπων κακόβουλου λογισμικού. Αν η συσκευή κάποιου χρήστη «μολυνθεί», υπάρχουν πολλές πιθανότητες να χαθούν για πάντα τα δεδομένα του. Χρησιμοποιώντας το Διαδίκτυο συνετά κι ακολουθώντας μια σειρά από απλές συμβουλές ψηφιακής ασφάλειας, οι χρήστες μπορούν να αποφύγουν τη «μόλυνση».
The new No More Ransom initiative also provides tools that can help victims recover data that criminals have "locked in". At an early stage, the new web portal contains four decryption tools for different types of malware. The most recent was developed in June of 2016 for the Shade ransomware program.
Shade is a ransomware Trojan that first appeared in late 2014. The malware spreads via malicious websites and "infected" email attachments. Once inside the user's system, Shade encrypts the saved files and creates a .txt file, which contains a ransom note and instructions from the cybercriminals on what the user needs to do to get their personal files back . The Shade uses strong decryption algorithms for each encrypted file, with two random 256-bit AES keys generated. One is used to encrypt the contents of the file, while the other is used to encrypt the file name.
Since 2014, Kaspersky Lab and Intel Security have blocked over 27.000 attempted attacks through Trojan Shade. Most cases were found in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade activity was also recorded in France, the Czech Republic, Italy and the USA.
In close collaboration and exchange of information between the various partners, Shade's Command & Control Server was confiscated, which was used by criminals to store decryption keys. These keys were reported to Kaspersky Lab and Intel Security. This helped to create a special tool, which can "download" victims through the portal of the No More Ransom initiative, to retrieve their data without paying criminals. The tool contains more than 160.000 keys.
No More Ransom Public and Private Sector Collaboration
The new No More Ransom initiative is non-commercial in nature and aims at cooperation between public and private actors in a common format. The initiative is open to cooperation with new partners due to the changing nature of ransomware programs, as digital criminals regularly create new variants.
Wilbert Paulissen, Director of the National Police Directorate for Criminal Investigation of the Dutch Police, said: "We, the Dutch police authorities, can not fight against digital crime on our own - and the programs ransomware particularly. This is a joint responsibility of the police, the Ministry of Justice, Europol, the IT companies and requires a joint effort. For this reason, I am very happy about our cooperation with Intel Security and Kaspersky Lab. Together we will do everything in our power to stop criminals' money-stealing schemes and return encrypted files to their rightful owners without the latter having to pay money."
"Today, the biggest problem with crypto-ransomware programs is that users are directly paying criminals to take back the" locked "data they consider valuable. This strengthens illegal activities, so we are faced with an increase in the number of new players and the number of attacks. We can only change the situation if we coordinate our efforts to combat ransomware programs. The appearance of decryption tools is only the first step on this road. We expect this project to expand and soon there will be many more companies and law enforcement authorities from other countries who will fight with us to fight the ransomware programs, "said Jornt van der Wiel, Kaspersky Lab's Global Security and Research Researcher.
"No More Ransom demonstrates the value of public-private co-operation to take serious action against the fight against digital crime"Said Raj Samani, Intel Security Chief Technology Officer for EMEA. "This cooperation goes beyond sharing information, educating Internet users, and dismantling the groups behind these programs, by proceeding to actions that help effectively in repairing the damage caused to the victims. By restoring access to their systems, we provide users with confidence, showing them that they can act themselves and prevent the criminals from "rewarding" by paying ransom. "
Finally, Wil van Gemert, Deputy Director of Europol Operations, commented: "For a number of years, ransomware programs have been a major concern for prosecuting authorities in the EU. These malicious programs affect both citizens and businesses against computer and portable devices while criminals are developing increasingly sophisticated techniques to cause maximum impact on victim data. The No More Ransom initiative, like other similar programs, shows that cooperation between specialists and the League of Forces is the only way to successfully fight against digital crime. We believe that our initiative will help many people regain control of their files, while also raising awareness and informing the public about how to keep their devices' clean 'from malware'.
No More Ransom: Citizens must always report the attacks ransomware
It is extremely important to always report the attacks with ransomware, as it helps the prosecution authorities to have a more comprehensive and clear picture, thus enhancing their ability to neutralize the threats. The No More Ransom initiative offers victims the opportunity to report a crime, in-line with Europol's supervisory mechanism, which covers the national reporting mechanisms.
If in any way an Internet user falls victim to ransomware, it is important not to succumb to the pressure of the criminals and to pay a ransom. Each payment strengthens the actions of digital criminals. Moreover, the ransom payment offers no guarantee that access to the encrypted data will ultimately be granted to users.
