Over the past few years, ransomware cyberattacks have increasingly impacted public and private-sector organizations. The recent outbreaks NotPetya and WannaCry are only two of the many different examples of malware wreaking havoc across the globe.
A recent Google study says that ransomware is here to stay, and cyberthieves have made at least $25 million from ransomware in the last two years
While the threat and urgency surrounding solutions to our ransomware emergency have surfaced, there is a growing focus on one of the most prominent counter-developments called the "No More Ransom" Project.
Here’s some background on "No More Ransom" from their website:
"Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.
The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies — Kaspersky Lab and McAfee — with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties."
The list of organizations, including global governments and companies, that have become partners on No More Ransom is growing rapidly. You can see that partner list here.
How Can the Website Help?
The No More Ransom project Web portal offers many resources, including: A Crypto Sheriff tool to help identify what type of ransomware you may be infected with, plenty of ransomware prevention advice, a Q/A section which includes the history of ransomware and even some decryption tools to help with the fix for many types of ransomware. There is also a link to report a cybercrime.
This YouTube video below from AWS re:Invent 2016 in December describes in detail the some of the recent ransomware attacks on health-care organizations and how No More Ransom offers help.
I also like this article from ZDNet, which describes the No More Ransom Project as being one year old. Here’s an excerpt:
“Following the initial success of the initiative, seven more cybersecurity firms have since joined as associate partners — Bitdefender, Check Point, Trend Micro, Emisoft, ElevenPaths, Avast and Cert.PL — each contributing to the development of decryption keys.
Dozens of law enforcement agencies — including Interpol, Enisa and the NCA — have also become actively involved in the scheme, which also receives additional support from dozens of security firms. There's now 109 partners in total. …
It's difficult to quantify the exact number of decryptions which have occurred thanks to downloads from No More Ransom — the portal just provides links, it doesn't monitor what happens next — but it's thought that over 28,000 decryptions have taken place using the tools, saving millions from being paid to cybercriminals in the process.”
The number of companies supporting this initiative is growing rapidly, and I actually first heard about the project from Caston Thomas, who is a trusted professional cyberindustry colleague who works for InterWorks, which just joined the initiative.
I asked Caston some questions that I believe can help readers understand the value and importance of this effort.
Dan Lohrmann (DL): What do you see as the primary benefit of the No More Ransom Initiative?
Caston Thomas (CT): The biggest benefit is that there is now a free, one-stop shop where anyone affected by ransomware can:
- Test encrypted files to see if the files can be decrypted without paying the ransom
- Learn the best practices for preventing ransomware attacks
- Access the latest information and tools to decrypt files
- Report a cybercrime in the country where the attack was perpetrated
DL: Why did your company join? Can you benefit without joining?
CT: InterWorks’ mission is to make the Internet safer. The No More Ransom initiative was started to help victims of ransomware and to eliminate the incentives for cybercriminals. And after its one-year anniversary, NMR remains truer to its roots than ever. Every sponsor of NMR supports that mission when we sign on to be a sponsor.
Anyone can enjoy the benefits of the information & tools made available on the No More Ransom website. NMR is bring together the best and brightest of subject matter experts into a single online, collaborative site — ransomware researchers and anti-malware developers, law enforcement and incident responders, awareness trainers and governmental/academic educators. I guess it’s a lot like Wikipedia, open source and freely available to anyone! There’s not one place on the NRM website that requires a login.
DL: What are the goals over the next year?
CT: Because NMR is grassroots, and the interaction of the sponsors is informal, I’m not aware of any "goals." If I were able to speak for all the sponsors, I think we would all agree that our goal is to help as many people as possible to avoid being hit by ransomware or having to pay a ransom.
DL: Is there anything else we should know about this topic?
CT: Please, just go check out the NMR website and spread the word.
I urge federal, state and local governments to become engaged in this No More Ransom (NMR) project. The reason is that international cooperation can often get bogged down in policy discussions and lack the “hands-on” solutions that most organizations need now.
As my friend Mark Weatherford said in this CSO online post on the same topic: “This is an area that requires the international community to come together and create some norms that everyone could agree to. …”
Personally, I find this No More Ransom project to be refreshing and see it as an excellent resource that we can all use and encourage to grow.