Europol Declares War on Ransomware

Europol has declared war on ransomware with the launch today of its ‘no more ransom’ initiative. Built around a new online portal (www.nomoreransom.org) and supported by the Dutch National Police, Kaspersky Lab and Intel Security (McAfee), the purpose is to help protect users from ransomware, to help infected victims recover their data, and to gather information for law enforcement agencies.

Europol stresses that prevention is better — and more effective — than cure. The number of victims is growing dramatically, while the number of decryption tools remains low. Kaspersky says the number of users attacked by crypto-ransomware rose by 5.5 times, from 131,000 in 2014-2015 to 718,000 in 2015-2016. The portal currently contains four decryption tools for different malware versions. 

All of these decryption tools were developed by the existing project members. The latest is for Shade. Shade warns its victims that attempting to decrypt the files themselves will result in permanent loss of their data. Sean Sullivan at F-Secure told SecurityWeek that he believes the warning is meant more to prevent self-decryption attempts than to describe a serious issue. Nevertheless, it is a valid warning. If anything goes wrong during decryption, the files could be changed sufficiently for the genuine keys to become unworkable.

For this reason, Kaspersky Lab told SecurityWeek, “We also recommend [you] make backups of the encrypted files before you start decrypting them, so that in the unlikely case that something goes wrong, you still have your original encrypted files.”

“Awareness is key as there are no decryption tools for all existing types of malware available to this day,” warns Europol. “If you are infected, the chances are high that the data will be lost forever. Exercising a conscious internet use following a set of simple cyber security tips can help avoid the infection in the first place.” All of this advice can be found on the new site.

The initiative is described as public-private cooperation — which is increasingly viewed as the most effective way forward in the fight against cyber crime. “This is a joint responsibility of the police, the justice department, Europol, and ICT companies, and requires a joint effort,” explained Wilbert Paulissen, Director of the National Criminal Investigation Division at the Dutch National Police. “This is why I am very happy about the police’s collaboration with Intel Security and Kaspersky Lab. Together we will do everything in our power to disturb criminals’ money making schemes and return files to their rightful owners without the latter having to pay loads of money.”

The Dutch police have a reputation for being proactive against cyber crime. In 2010, working with FoxIT and the ISP LeaseWeb, they took over Bredolab servers and caused them to download a police warning message to infected users.

Raj Samani, EMEA CTO for Intel Security, commented, “This collaboration goes beyond intelligence sharing, consumer education, and takedowns to actually help repair the damage inflicted upon victims. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.”

All parties hope that this is the start of a much wider public-private collaboration. “It is an open, non-commercial project,” Europol told SecurityWeek. “We do expect other IT security companies and other law enforcement agencies to join in the future. The more forces join to fight ransomware, the better.”

David Harley, ESET Senior Research Fellow, thinks this is likely. “I’m sure other mainstream companies would get involved if invited,” he told SecurityWeek. “We regularly work with law enforcement and other state agencies in a wide variety of contexts.”

The site itself is maintained jointly by the existing project partners, although it is not clear whether this will extend to all participating partners if the project expands in the future. It contains advice on how to avoid infection, and offers the opportunity — in some cases — for victims to retrieve their data through decryption.

Its advice to victims who cannot recover their files is simple: don’t pay. SecurityWeek asked Europol if this advice applied equally to consumer and corporate victims. “We firmly believe in the Don’t Pay – advice because by paying you are supporting criminal activity. Once infected, you should report the issue to your competent law enforcement organization. Also, corporate victims should take preventive measures to ensure that they will not become the victim of ransomware (back-ups, etc).” Kaspersky Lab added, “All in all, you need to remember that paying ransomware to criminals doesn’t guarantee you will receive a decryption key.”

The reality, however, is that while this advice might be reasonable for consumer victims, corporate victims of ransomware invariably will — and indeed should — take an individual risk-based approach on whether to pay.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
