Ransomware fightback project gets bigger and stronger

Print Friendly, PDF & Email

Last August we announced that we were part of a project called No More Ransom (NMR), which is a collaboration of law enforcement and IT Security companies.  NMR built the No More Ransom portal, which houses several resources and offers visitors ransomware prevention advice and decryption tools.  There is also a tool called “Crypto-Sheriff” which gives victims the ability to upload encrypted files for analysis.  Here's a video to show how it works:

 

Unprecedented Cooperation

What makes this project so special is the unprecedented level of cooperation between law enforcement and the private sector in this fight against ransomware.  According to the latest Europol statement, there are now 76 partners and seven associated partners in the project.  The associated partners that joined since December have contributed these decryptors:

One of the founding partners, Kaspersky Lab, also contributed recent updates to the Rakhni and Rannoh Decryptors.

NMR was wildly successful right out of the gate, with 2.6 million visitors to the site in the first 24 hours.  Because of the worldwide enthusiasm and interest in the project, NMR created a two-phase expansion process.  Phase 1 would focus on Law Enforcement Agencies, and Phase 2 would bring in more private industry.  Recent announcements from NMR and Europol indicate both phases have been successful.

A Global Problem

No More Ransom is an international, cross-industry response to a global problem:

  • The website is available in 14 languages, with more expected to be added soon
  • 83 partners and associate partners represent all continents across the globe
  • 10,000 victims from all over the world have recovered from ransomware attacks using NMR
  • Majority of site visitors come from Russia, the Netherlands, United States, Italy, and Germany


Click here for our on-demand
webinar on how to keep
healthcare networks safe
from ransomware.

How did we get to this point? Malwarebytes points out that we've seen ransomware as early as 1989 when the AIDS Trojan would lock autoexec.bat and ask the user to ‘renew the license' by sending money to a PO box in Panama.   When Crypto-Locker hit the wild in 2013, it changed the way ransomware operated.  Instead of locking down a computer like the old FBI lockdown ransomware that accused you of committing a crime, it would simply encrypt everything it could find so that the data was unusable.  It then demanded payment electronically, which was easier for the victim than sending money via snail mail.  Criminals created copy-cat versions, criminal enterprises diversified their methods to include ransomware, and malvertising was discovered as an easy and reliable means of infection.  Meanwhile, the world was becoming more connected via email and Internet connectivity.  Fast-forward a few years and we have Ransomware-as-a-Service with HR departments, recruiting specialists, and help desks that walk the victims through bitcoin payments.  The criminals have built a complete infrastructure to support a profitable enterprise.

What You Can Do

Law enforcement agencies and the IT sector are unified against paying the ransom.  Payment does not guarantee decryption, you could also lose data to corruption during decryption, and payment encourages the criminals.  There also appears to be universal agreement that prevention is much better than relying on data backup to prevent ransomware losses.  Deploy a multiple layer security solution that protects all threat vectors, including network, email, web, and application. 

Finally, educate yourself as much as possible about ransomware in the context of your business.  How can the attack break through your defenses?  How long will you be offline if an attack is successful?  How much data can you afford to lose?  Do you need to make changes in your security or data protection strategies?

Barracuda and AWS

The Barracuda Web Application Firewall protects the NMR partner organization in the AWS public cloud.  You can learn more about this partnership in this guest blog post by Raj Samani and this case study (pdf).

Ransomware Solutions

For more information on ransomware and Barracuda solutions, follow our ransomware blog here, and visit our corporate ransomware site here.

 

Scroll to top
Tweet
Share
Share