The NoMoreRansom initiative, which started in July this year, now has 13 new members. It was specially established by the Dutch National Police, Kaspersky Lab, Europol and Intel Security to help users who have fallen victims to ransomware.
The official website of the initiative (https://www.nomoreransom.org/) includes free decryptors, which victims can use to get their files back without paying the ransom amount. Initially, the decryption tools the website provided were for Shade and CoinVault. Later, the WildfireDecryptor was included as well and two others were updated – RakhniDecryptor (updated with Chimera) and RannohDecryptor (updated with MarsJoke aka Polyglot). Only in two months, the initiative has helped 2500 users to retrieve their lost data and saved them more than $1 million, which, otherwise would have ended up in the crooks wallets.
“It is an open, non-commercial project. We do expect other IT security companies and other law enforcement agencies to join in the future. The more forces join to fight ransomware, the better.” – announced Europol when the initiative started.
The 13 new law enforcement agencies which joined NoMoreRansom are from Colombia, Bulgaria, France, Ireland, Bosnia and Herzegovina, Italy, Latvia, Hungary, Spain, the UK, Portugal, Lithuania, and Switzerland.
Europol also added: “Additional law enforcement agencies and private sector organizations are expected to join the program in the coming months.”
However, for the moment there are no endpoint security vendors and their joining is very important to the future success of the initiative. Much of the technical knowledge of law enforcement agencies comes exactly from private security firms, collaborating with them.
“The project has grown more and faster than initially foreseen, which is great.” – said a Europol spokesperson.
“It was born with an initial direction but soon we realized that there was room for even greater public-private cooperation. Therefore we decided to divide the enlargement of the project into two phases, first the law enforcement partners and then the private sector.”
Europol has decided to expand the project but to keep the situation under control instead of open its doors to all who are interested in joining.
“We have contacted all our law enforcement partners. So far 13 have joined and discussions with others are ongoing.” – added the spokesperson.
Now, the second stage of the project is being prepared, which includes the recruitment of additional endpoint security vendors.
“We have now created two levels of partnership. The first is ‘Associated’ comprising those vendors that contribute decryption keys or tools, sign a legal agreement, and become fully involved. Not all those who approached us are able to do this. The second level is ‘Supporting’: comprising those private sector companies that promote the portal, translate the website, or contribute in any other way. They only need to sign a consent form.” – Europol explains. “We have sent out invitations to all our partners but it’s not possible for us to proactively reach every IT security company in the world.”
Given the fact it is ‘an open, non-commercial project’, the invitations are probably informal and sent to the interested private sector companies who do not receive a direct invitation to proactively approach Europol themselves.
Currently, Europol is going over the approached it has already received and promises to make an announcement about the new members in the near future. For now, the NoMoreRansom is doing a great job but the project will be way more successful with the support of the private sector.