Ransomware round-up

by Mark Rowe

The Dutch National Police, the European Union’s police agency Europol, and the IT security companies Intel Security and Kaspersky Lab have launched an initiative called No More Ransom. They describe it as a new step in the cooperation between law enforcement and the private sector to fight ransomware.

No More Ransom (www.nomoreransom.org) is an online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals.

Ransomware is a type of malware that locks the victim’s computer or encrypts their data and demands a ransom to regain control over the affected device or files. While the target is often individual users’ devices, corporate and even government networks are affected as well. The number of victims is growing at an alarming rate: according to Kaspersky Lab, the number of users attacked by crypto-ransomware rose by 5.5 times, from 131 000 in 2014-2015 to 718 000 in 2015-2016.

The aim of the online portal www.nomoreransom.org is to provide an online resource for victims of ransomware. Users can find information on what ransomware is, how it works and, importantly, how to protect themselves. Awareness is key, as decryption tools are not yet available for every existing type of malware. If you are infected, the chances are high that the data will be lost forever. Careful internet use, following a set of simple cyber security tips, can help avoid infection in the first place, the authorities say.

The project provides users with tools that may help them recover their data once it has been locked by criminals. In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant.

What they say

Wilbert Paulissen, Director of the National Criminal Investigation Division of National Police of the Netherlands, said: “We, the Dutch police, cannot fight against cybercrime and ransomware in particular, alone. This is a joint responsibility of the police, the justice department, Europol, and ICT companies, and requires a joint effort. This is why I am very happy about the police’s collaboration with Intel Security and Kaspersky Lab. Together we will do everything in our power to disturb criminals’ money making schemes and return files to their rightful owners without the latter having to pay loads of money.”

Jornt van der Wiel, Security Researcher at Global Research and Analysis Team, Kaspersky Lab, said: “The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back. That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road. We expect this project to be extended, and soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together.”

And Raj Samani, EMEA CTO for Intel Security said: “This initiative shows the value of public-private cooperation in taking serious action in the fight against cybercrime. This collaboration goes beyond intelligence sharing, consumer education, and takedowns to actually help repair the damage inflicted upon victims. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.”

Wil van Gemert, Europol Deputy Director Operations, finally: “For a few years now ransomware has become a dominant concern for EU law enforcement. It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim’s data. Initiatives like the No More Ransom project show that linking expertise and joining forces is the way to go in the successful fight against cybercrime. We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware.”

As another IT firm, Symantec, says, it’s a nightmare scenario for any IT manager: receiving a phone call to hear that hundreds of computers have been infected with ransomware, knocking critical systems offline and putting their operations at risk.

That’s what happened to one large firm earlier this year, when it found itself the victim of a carefully planned and executed ransomware attack. Symantec says that from its investigation it found a perfect example of an emerging form of corporate-specific attack. While most ransomware gangs have focused on widespread, indiscriminate campaigns, a number of groups have begun deliberately targeting specific operations in a bid to cripple them and extract a massive ransom. Many of these attacks employ the same high level of expertise as in cyberespionage attacks, using a toolbox that includes exploits of software vulnerabilities and legitimate software utilities to break into and traverse a network, Symantec says.

The attackers in this unnamed example were able to gain a foothold on the network by exploiting an unpatched vulnerability in one of its servers. Using a number of publicly available hacking tools, the attackers mapped out the victim’s network and infected as many computers as they could with a hitherto unknown variant of ransomware. The outbreak caused disruption, but it could have been much worse. Fortunately, critical systems were quickly back online and much of the data encrypted by the ransomware could be restored from backups.

These kinds of attacks are still relatively rare, but now that they have been proven possible, the potential opportunity to hold well-financed IT users for ransom may motivate more attacks.

Symantec’s latest research paper on ransomware finds that it has now grown into one of the biggest dangers facing businesses and consumers today. 2015 was a record year, with 100 new ransomware families discovered. The vast majority of new ransomware discovered is now the more dangerous form of the threat: crypto-ransomware, which is capable of locking away the victim’s files with strong encryption.

The average ransom demand has more than doubled and is now US$679, up from $294 at the end of 2015. This year has also seen a new record in terms of ransom demand, with a threat known as 7ev3n-HONE$T (Trojan.Cryptolocker.AD) requesting a ransom of 13 Bitcoins per computer ($5,083 at the time of discovery in January 2016). With 31 percent of global infections, the US continues to be the country most affected by ransomware. Italy, Japan, the Netherlands, Germany, UK, Canada, Belgium, India, and Australia round out the top ten.

While the majority of victims (57 percent) continue to be consumers, the long term trend indicates a slow but steady increase in ransomware attacks aimed at organizations rather than individuals.

The services sector, with 38 percent of organisational infections, was by far the most affected business sector. Manufacturing, with 17 percent of infections, along with Finance, Insurance and Real Estate, and Public Administration (both on 10 percent) also figured.

© 2024 Professional Security Magazine. All rights reserved.