A new free decryption tool with more than 160,000 keys is now on the victims' side, helping them restore their files.
Intel Security, Kaspersky Lab, the Dutch National Police and Europol came together today to fight ransomware by establishing the No More Ransom initiative. The purpose of the No More Ransom online portal (www.nomoreransom.org) is to inform victims and help them retrieve their data without having to pay a ransom to the crooks.
Ransomware is a type of malware that encrypts victims' files or locks their device and then forces them to pay in order to obtain the decryption tool and get their files back. According to statistics, ransomware is at the top of the threat list for EU law enforcement, with a 550% increase in the number of attacked users over the last couple of years. In 2015-2016 over 700,000 were attacked, including not only individual users but also corporate and government networks.
The No More Ransom website provides all kinds of helpful ransomware-related information: “what ransomware is”, “how exactly does it operate”, “how can you get infected”. But the most important issues are “how can you avoid becoming a victim” and “how to properly protect your machine”. Proper protection is so important because there are too many different types of ransomware and not nearly enough decryption keys. Not to mention that, even if there were, there is no guarantee that after paying the ransom and obtaining the key you will manage to restore your files.
On the website users can find tools and instructions which may help them regain control over the affected device or files. For now there are four decryption tools available on the portal for different types of malware. The most recent decryptor was developed last month for the Shade ransomware-type Trojan.
Shade appeared in 2014 and was distributed via malicious websites and spam emails with eye-catching titles and attachments. It uses a complicated encryption scheme: for each encrypted file, two random 256-bit AES keys are generated. One of them encrypts the file's contents, while the other encrypts the file's name. After arriving at its destination the malware encrypts the user's files and creates a file with a “.txt” extension. On opening this file, users find a ransom note and direct instructions on how to pay the ransom demanded.
Since Shade's appearance in 2014, Intel Security and Kaspersky Lab have managed to prevent over 27,000 attack attempts. The Trojan has been detected mostly in Germany, Russia, Austria, Kazakhstan and Ukraine, but it was also spotted in Italy, France, the Czech Republic and the US.
Eventually, the Shade command-and-control (C&C) server was cracked and all the decryption keys were given to the researchers from Kaspersky Lab and Intel Security. By working together and sharing information they succeeded in creating a decryption tool containing more than 160,000 keys, which is available on the No More Ransom portal. With its help, users whose files have been encrypted can restore them without paying a cent to the cybercriminals.
Another feature the No More Ransom portal offers is the ability to report a cybercrime. Victims are connected directly with Europol's overview of national reporting mechanisms. Reporting ransomware will help the authorities identify the threat and give them a better chance of beating it.
Users who become ransomware victims are strongly advised not to pay the ransom. By paying you are basically investing in the cybercrime business and making the attackers stronger and greedier. Besides, not one of them can assure you that after paying the ransom you will be given access to the locked data.