No More Ransom, an initiative launched to help victims of ransomware decrypt their files, has contributed 136 decryption tools covering 165 ransomware families – and helped more than 1.5-million people worldwide decrypt their devices.
Ransomware encrypts valuable information stored on victims’ computers by infecting them using insecure and fraudulent websites, software downloads, malicious attachments, and through RDP (remote desk protocol) attacks and exploiting vulnerable Internet-facing servers. Criminals then seek ransom from the victim, promising to retrieve their encrypted data in return. This type of malware has been a cybersecurity concern for many years, with attackers targeting all types of stakeholders – from customers to enterprises – and evolving from separate gangs to full-fledged businesses with their own ecosystems.
To help people and organisations retrieve access to valuable information, the National High Tech Crime Unit of the Dutch National Police, Europol’s European Cybercrime Centre, Kaspersky and other partners 2016 jointly created the No More Ransom initiative. On the official website, participants can publish decryption tools, guidelines, and instructions on how to report a cybercrime regardless of where it happened. These tools and materials have helped victims of 165 ransomware families get their data back without any payments. In addition to the decryption tools, the project also aims to spread information on how ransomware works and what measures can be taken to prevent infection.
Kaspersky, one of the founding partners, contributed to the 9 decryption tools, which helped to retrieve the data encrypted by 38 ransomware families. Since 2018, these tools have been downloaded 304,274 times.
“Ransomware is an effective way to get money from victims and remains one of the biggest cybersecurity concerns,” says Jorn van der Weil, a security researcher at Kaspersky Global Research and Analysis Team. “In just the first three months of 2022, more than 74,000 unique users were found to have been exposed to this type of threat – and all these attacks were successfully detected. This has led to an increase in the tendency of helping these initiatives.
“I’m extremely happy that we are able to assist people and companies in “restoring” their digital assets, without paying the attackers. This way we hit the criminals where it hurts – their business model – as users are no longer forced to pay to decrypt their data. We will keep on fighting ransomware with our existing and future partners.”
For more information, visit nomoreransom.org.