New sheriffs in town: No More Ransom

NoMoreRansomA couple of months ago, Intel Security, Kaspersky Lab, Dutch National Police and Europol announced the No More Ransom initiative.

Such an initiative was a true example of the term Public-Private-Partnership (PPP), where all parties had agreed to work together to combat ransomware. Part of this initiative was the development of a portal, which provided something unique in the sea of sites providing advice to consumers and businesses, a third option. Consider the advice you have to give to someone that is a victim of ransomware, pay the criminal or lose your data. Now victims are not only provided with guidance about which ransomware family they have been infected with, but in certain cases a free decryption tool.

To put this into perspective, whether the victim is a customer of Intel Security, Kaspersky Lab or anybody else for that matter, they are provided with a free tool to decrypt their data (should one exist). Furthermore, they can also find guidance on preventative information as well as advice on how to report to law enforcement.

Developing such tools takes considerable time, with law enforcement and private industry within the initiative working hard to identify the criminal infrastructure, seize it, and extract the decryption keys. All of which is done with the sole purpose of providing every victim of ransomware that third option: Don’t Pay, and recover your data.

Since the launch a lot has happened. We have successfully provided tools that have decrypted 6,000 computers. Of course, putting a specific dollar amount on how much money we have prevented going to criminals is dependent on the price of Bitcoin, but today that number is in excess of $2 million. The site itself has been hugely popular, some of whom had very different intentions by attempting to bring the site down. We’ve received support from AWS and Barracuda who kindly donated resources.

Today we are pleased to announce that the online portal will now be available in Dutch, French, Italian, Portuguese and Russian. Translations into yet more languages are currently ongoing, and their implementation will follow very soon. Today, Bitdefender, Check Point, Emsisoft and Trend Micro have become new associated partners to the project. As a consequence, 32 new decryption tools have been added to the site.

New supporting partners include: AnubisNetworks, AON, Armor, Association for Preventing and Countering Frauds (APCF), BH Consulting, CECyF (Centre Expert contre la Cybercriminalité Français), Cyberlaws.NET, Cylance Inc., DATTO, Inc., ESET, FS- ISAC (Financial Services – Information Sharing & Analysis Center), G DATA Software AG, Heimdal Security, s21Sec, Smartfense, SWITCH, Ukrainian Interbank Payment Systems Member Association (EMA), CERT-EU (Computer Emergency Response Team for the EU institutions, agencies and bodies), IRISS CERT (Irish Reporting and Information Security Service), CIRCL.LU (Computer Incident Response Center Luxembourg) and SI-CERT (Slovenian Computer Emergency Response Team).

In addition, we welcome eu-LISA (the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice), as well as the Austrian, Croatian, Danish, Finnish, Maltese, Romanian, Singaporean and Slovenian police as supporting partners, making a total of 22 countries involved.

We as an industry are doing everything we can to fight back against ransomware, but we need your help. The initiative is open to organizations that can support the public promotion of the fight against ransomware through membership as a supporting partner. Alternatively, for those organizations that develop decryption tools and can assist operationally the opportunity exists to become an associate partner. The only way that we can combat this growing threat is through collaboration, it’s time for a true public-private-partnership. So get involved, your industry needs you.

Christiaan Beek, Director of Strategic Intelligence & Operations at Intel Security, contributed to this article.