EU: Dutch National Police, Europol, Intel Security and Kaspersky Lab have joined forces to launch an initiative called No More Ransom, a new step in the co-operation between law enforcement and the private sector to fight ransomware together.
No More Ransom is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals. Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves. The project provides users with tools that may help them recover their data once it has been locked by criminals. In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant.
Shade is a ransomware-type Trojan that emerged in late 2014. The malware is spread via malicious websites and infected email attachments. After getting into the user's system, Shade encrypts files stored on the machine and creates a .txt file containing the ransom note and instructions from cybercriminals on what to do to get user's personal files back. Since 2014, Kaspersky Lab and Intel Security prevented more than 27 000 attempts to attack users with Shade Trojan. Most of the infections occurred in Russia, Ukraine, Germany, Austria and Kazakhstan. Shade activity was also registered in France, Czech Republic, Italy, and the US.
The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella. Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners' cooperation.
Reporting ransomware to law enforcement is very important to help authorities obtain a clearer overall picture, and thereby a greater capacity to mitigate the threat.
“If you have somehow become a victim of ransomware, we advise you not to pay the ransom. By making the payment you will be supporting the cybercriminals' business. Plus, there is no guarantee that paying the fine will give you back the access to the encrypted data,” says Interpol.
This is a longer version of a news piece that appears in CRJ 12:1