“Being attacked by ransomware virus? Need help retrieving your locked data?”
Ransomware is a form of malware used by cybercriminals to lock down users’ mobile or desktop devices (or encrypt their data on the devices) and then demand users’ money for unlocking them. In recent year the number of ransomware attacks are on the rise, according to Kaspersky research. Individual users, companies, organizations and even seats of government have fallen victim to these kinds of attacks.
Now law enforcement and IT security companies join forces to fight against ransomware. The Dutch National Police, Europol, Intel Security and Kaspersky Lab have launched an initiative called No More Ransom, to assist users in preventing, identifying, and decrypting ransomware threats. It is an online portal aimed at disrupting cybercriminal businesses with ransomware connections and helping victims to recover their encrypted data without having to pay ransom to the cybercriminals. In this website users can look for security advice, decryption tools and troubleshooting services to deal with ransom attacks. Victims of ransomware can directly report a crime to EU, Dutch, or USA law enforcement from the website.
Wil van Gemert, Europol Deputy Director Operations, said, “For a few years now ransomware has become a dominant concern for EU law enforcement. It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim’s data. Initiatives like the No More Ransom project shows that linking expertise and joining forces is the way to go in the successful fight against cybercrime. We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware.”
The website sums up five types of ransomware: Encryption Ransomware, Lock Screen Ransomware, Master Boot Record Ransomware, Ransomware encrypting web servers, and Mobile device ransomware (Android). That kind of malware is typically delivered through infected email attachments, drive-by-downloads, malvertising, or unknowingly via hacked websites. For more details, see Ransomware: Q & A.
There is a “Crytpo Sherrif” section in the website that lets users upload encrypted files to help define the type of ransomware, and if a solution to your infected device is available, you will be provided with the download link of decryption tool. Users can also head to the “Decryption Tools” section and find out if the tools provided there can work. For instance, the RannohDecryptor tool can be used to recover your data encrypted by the ransomware Rannoh, AutoIt, Fury, Crybola, Cryakl, etc.
As for the prevention advice, the website lists the following suggestions, including always backing up your data, using robust antivirus software, keeping your system and software up to date, trusting no one especially no file attachments or links, etc.
Earlier this year, a hospital in Hollywood paid hacker $17,000 in Bitcoin to unlock its data; several weeks ago a Canadian university paid over $15,000 restore access to its computer systems following a ransomware attack. To this issue, No More Ransom encourages victims not to pay the ransom, as their compromise will only confirm that ransomware works, and even so, there is no guarantee the data will be fully restored.
This non-commercial No More Ransom initiative is open to public and private parties, and it calls for more security companies and law enforcement agencies to work together in an effort to fight ransomware and safeguard public network security.