No More Ransom was launched in July 2016, by the Dutch National Police, Europol and the IT security firms Intel Security and Kaspersky Lab, as cooperation between law enforcement and the private sector to fight ransomware together. The aim of the online portal is to provide a resource for victims of ransomware. Users can learn what ransomware is, how it works; and, how to protect themselves.
During the first two months, organisers say more than 2,500 people have managed to decrypt their data without having to pay the criminals, using the main decryption tools on the platform (CoinVault, WildFire and Shade). This has deprived cybercriminals of an estimated $1m-plus in ransoms. Five decryption tools are listed on the website. Since the launch of the portal, the WildfireDecryptor has been added and two decryption tools updated: RannohDecryptor (updated with a decryptor for the ransomware MarsJoke aka Polyglot) and RakhniDecryptor (updated with Chimera).
Steven Wilson, head of the European Cybercrime Centre, says: “Europol is fully committed to supporting the enlargement of the No More Ransom project within the EU and internationally to respond to ransomware in an effective and concerted manner. Despite the increasing challenges, the initiative has demonstrated that a coordinated approach by EU law enforcement that includes all relevant partners can result in significant successes in fighting this type of crime, focusing on the important areas of prevention and awareness. I am confident that the online portal will continue to improve in the months to come. All police forces are warmly encouraged to join the fight.”
And Jornt van der Wiel, Security Researcher at the Global Research and Analysis Team at Kaspersky Lab, says: “The fight against ransomware succeeds best when law enforcement agencies and the private sector join forces. Researchers can offer broader malware analysis and services like internet scanning, helping to find connections between different items of data. This enables the police to locate and seize the servers used to manage the attack. In some cases, the researchers’ insight can also help to track down and arrest the criminals responsible. The seized servers can contain decryption keys, and, when shared with private sector companies this can be turned into decryption tools that help victims to unlock their data without paying the ransom. Basically, information-sharing is the key to effective collaboration between the police and security researchers. The easier and faster it happens – the more effective the partnership becomes. Getting more law enforcement agencies from different countries on board will therefore improve operational information-sharing, so that in the end ransomware will be fought more effectively.”
The portal is being adapted to support different language versions. As a second step, the project will welcome new companies from the private sector.
See also https://www.europol.europa.eu/content/13-countries-join-global-fight-against-ransomware.
