In a joint operation between industry and law enforcement, over a dozen countries have now banded together to help internet users combat the rising scourge of ransomware – a notorious type of malware that can lock down entire computer systems with the click of a mouse.
Dubbed No More Ransom, the project was launched in July by Europol, the Dutch National Police, Intel Security and Kaspersky Lab. Touting an online portal offering advice, a reporting service and free decryption tools – it recently announced law enforcement from 13 countries was now involved.
Ransomware is increasingly lucrative for cybercriminals and its ease-of-use means that it does not take a particularly sophisticated "hacker" to deploy it. In one landmark case earlier this year, a hospital in the US was forced to pay up $17,000 in bitcoin after its critical systems was infected.
It hijacks control of pictures, videos, documents including messages and typically shows a "lock screen" on the users' computer. The criminal will then direct the victim to pay a fee using bitcoin – a cryptocurrency that is difficult to trace. Thankfully, No More Ransom offers ways around paying.
One of the innovative tools is called 'Crypto Sherriff' and can help infected users to decrypt versions of Teslacrypt, Chimera, WildFire, CoinVault and Rakhni. The service allows users to upload their encrypted files alongside the ransom notice they received to identify the virus. Most recently, on 3 October, a decryptor called Rannoh was uploaded that can help patch at least seven ransomware strains.
It also offers a reporting system that spans the UK, Netherlands and the US. "You need to report it to your local law enforcement agency," the website states. "Your report will help to catch cybercriminals and prevent other users from being infected."
No More Ransom claims that in the first two months of operation over 2,500 people have used the service to decrypt their data without having to pay the cybercriminals. The project estimates this has cost the hackers over $1 million in ransoms, and it only expects this loss to grow.
"Getting more law enforcement agencies from different countries on board will therefore improve operational information-sharing, so that in the end ransomware will be fought more effectively," said Jornt van der Wiel, a security researcher at Kaspersky Lab.
He continued: "In some cases, the researchers' insight can also help to track down and arrest the criminals responsible. The seized servers can contain decryption keys, and, when shared with private sector companies this can be turned into decryption tools that help victims to unlock their data without paying the ransom."
The project comes with a strong warning not to pay any criminal who successfully infects a victim's systems. It states: "By sending money to cybercriminals you'll only confirm that ransomware works,
and there's no guarantee you'll get the encryption key you need in return."
Wil van Gemert, Europol's deputy director of operations, said ransomware has become "a dominant concern" for law enforcement, adding: "Initiatives like the No More Ransom project shows that linking expertise and joining forces is the way to go in the successful fight against cybercrime."
He elaborated: "[Ransomware] is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim's data. We expect to help many people to recover control over their files."