No More Ransom offers decryption keys to encourage ransomware victims not to pay
Two IT security firms have joined with the Dutch National Police and Europol to launch a website aimed at combating the rapidly growing problem of ransomware.
Kaspersky Lab and Intel said the No More Ransom site is intended to bring together law enforcement and private-sector resources to take aim at the issue, and is open to new members.
Some ransomware decryption keys have been obtained by security experts and No More Ransom makes these available in the form of four decryption tools, the most recent of which was developed in June for the Shade variant after Shade’s control servers were seized, Kaspersky said.
Shade was involved in infections in Russia, Ukraine, Germany, Austria and Kazakhstan and the variant was also found in France, the Czech Republic, Italy and the US, according to the firm.
The site also provides the means for the public to report ransomware cases.
The site’s backers said it is intended to help coordinate the fight against ransomware, which has grown so rapidly in part because those affected are prepared to pay.
“The appearance of decryption tools is just the first step on this road,” stated Kaspersky Lab researcher Jornt van der Wiel. “Soon there will be many more companies and law enforcement agencies from other countries and regions fighting ransomware together.”
The project said it is looking for keys for some of the most prevalent variants, including Locky, Cryptolocker, Teslacrypt and Torrentlocker.
Industry observers have warned that ransomware, which typically encrypts a user’s files and demands payment to decode them, is spreading rapidly as criminals find it a reliable source of revenues.
Kaspersky said the number of cases it tracked rose more than five times from 2015 to 2016, with more than 700,000 attacks recorded last year.
A recent study by security experts found that ransomware gangs have developed sophisticated and friendly customer service operations aimed at gaining the confidence of those attacked and ensuring they deliver payment.
Users are advised to avoid the threat by frequently backing up their systems and avoiding opening attachments from unknown parties.
In cases where decryption keys have been made available the affected files can be recovered, but otherwise users have little choice but to pay the ransom or lose access to their data.