In-brief: a group of law enforcement and security technology firms that have joined forces to help victims of ransomware fight back.
Victims of ransomware who are struggling to decide between two bad options (pay the ransom, or kiss your data goodbye) now have somewhere else to turn for help: a group of law enforcement and security technology firms that have joined forces to help victims of ransomware fight back.
The group, which has set up shop as Nomoreransom.org, is led by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies: Kaspersky Lab and Intel Security. The group is offering victims of certain ransomware variants decryption tools that can retrieve encrypted data without having to pay the criminals, as well as resources for understanding ransomware and reporting ransomware infections.
For now, the list of ransomware that Nomoreransom can help bypass is short. The site allows visitors to download decryptors for the CoinVault and Bitcryptor ransomware campaigns. Also available are the RannohDecryptor, the RakhniDecryptor and the ShadeDecryptor. In all, decryption tools for more than 20 different ransomware variants are offered. However, some of the most prolific variants, including Locky and Cerber, are not among those for which relief is available. Tools are available to help with CryptXXX, which Symantec identified as a common malware strain, but only for older versions of the malware.
The site also seeks to educate users about how ransomware works and what countermeasures can prevent infections.
“We’re saying, we’re now committed toward a longer-term solution: not having to let people decide whether to pay the ransom,” said Raj Samani, Intel Security’s CTO for Europe, the Middle East and Africa, in an interview with Information Security Media Group. “We’ve now given you a third option.”
Symantec’s latest Internet Security Threat Report (ISTR) found that 2015 was a record year for ransomware, with 100 new families of the malicious software discovered, most of it so-called ‘crypto ransomware’, which encrypts files on victim computers until a ransom is paid.
Law enforcement has been at a loss to assist victims of ransomware crimes. In 2015, an FBI agent from the Bureau’s Boston office made headlines for warning that the Bureau could not always assist victims in retrieving files and that, in some instances, paying the ransom was the best course of action for victims. The agency has since walked back those statements, saying that it does not condone or encourage payments to cyber criminal groups that run ransomware campaigns.