No More Ransom, launched less than a year ago, is going from strength to strength as more partners from both law enforcement and the private sector join the programme.
No More Ransom was unveiled in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab in what was hailed as a new level of partnership between the public and private sectors to combat ransomware.
It serves as an education resource to teach computer users how to protect themselves from ransomware, but it's main attraction is the collection of decryption tools. There are 40 decryption packages, supplied by a range of member organisations, offering the possibility of decrypting files which have been locked up by selected strains of ransomware.
Not every victim can be helped, but nonetheless it has attracted users from around the world, with the majority coming from Russia, the Netherlands, the United States, Italy and Germany.
Steven Wilson, head of the European Cyber Crime Centre (EC3) at Europol, told SC Media UK that No More Ransom is “probably the best example of a public-private partnership that I've seen yet in cyber-crime”.
“It's everyone coming together – key partners and key law enforcement agencies from across the world – and everyone's going in the same direction,” he said.
It's early days but as more organisations and law enforcement agencies join, the impact of the initiative will grow, he said. “The stats that I have show that 10,000 people have had decryption keys [from No More Ransom's decryption tools] to enable them to unlock encrypted files. That is only going to grow and grow the more industry, the more police forces become involved in this.”
Developments for No More Ransom include the addition of new associate partners – Avast, CERT Polska and Eleven Paths (the Telefonica Cyber Security Unit).
Thirty new organisations have joined as partners bringing the total to 76, and No More Ransom has also welcomed new law enforcement organisations from Australia, Belgium, Interpol, Israel, South Korea, Russia and Ukraine.
Europol and Interpol work closely on cyber-crime and organise an annual conference that alternates between Singapore and The Hague, so Wilson was particularly pleased to have them on board. “I have spoken extensively to Noboru Nakatani, my equivalent at IGCI [Interpol Global Complex for Innovation] and they are delighted to become involved, as well,” he said.
Victims of ransomware will hopefully benefit from 15 new decryption tools, added to the site today by partner organisations:
- AVAST: Alcatraz Decryptor, Bart Decryptor, Crypt888 Decryptor, HiddenTear Decryptor, Noobcrypt Decryptor and Cryptomix Decryptor
- Bitdefender: Bart Decryptor
- CERT Polska: Cryptomix/Cryptoshield decryptor
- Check Point: Merry X-Mas Decryptor and BarRax Decryptor
- Eleven Paths – Telefonica Cyber Security Unit: Popcorn Decryptor
- Emsisoft: Crypton Decryptor and Damage Decryptor
- Kaspersky Lab: Updates on Rakhni and Rannoh Decryptors
The partnership model is especially important to No More Ransom and Europol, Wilson said. “Industry are bringing to bear resources that law enforcement could never hope to do. As every area of industry contributes what they have in relation to this, we are starting to see, for the first time, concrete steps to counter ransomware on a preventative level.”
The site is now available in 14 languages: English, Dutch, French, Italian, Portuguese, Russian, Finnish, German, Hebrew, Japanese, Korean, Slovenian, Spanish and Ukrainian.
Wilson said: “We initially conceived this as a European resource, so we were completely blown away by the response from around the world. As a result, we have raised our expectations so this is no longer a European-only resource – it is a global one.”