European law enforcement and global tech firms have joined forces to help victims fight the crypto-ransomware scourge.
As the new website nomoreransom.org states, ransomware criminals leave victims with two options: pay or lose your locked-up files forever, a supposed choice that regularly leads people to pay their extortionists in anonymous Bitcoin.
The website is the product of a collaboration between the Dutch National Police, Europol, Intel Security, and Kaspersky Lab. The group released a tool containing over 160,000 decryption keys, however these appear to be mostly for computers infected with variants of the Shade family of ransomware.
The bulk of the keys were obtained after the Shade operation’s command and control server was seized, which were then shared with Kaspersky Lab and Intel Security. Other decryption keys are available for the families of ransomware known as CoinVault, Rannoh, and CryptXXX.
File-encrypting ransomware has become a real problem for consumers as well as organisations, some of which have paid tens of thousands of dollars to recover files.
While the group does plan on adding more decryption keys if they become available, it warns there are no decryption keys that cover all variants of ransomware, which makes awareness of the threat and the private and public sector partnership key to cutting off funds to ransomware criminals.
The No More Ransom website offers an explanation of what ransomware is, prevention advice and encourages victims to report ransomware incidents to law enforcement. It also offers
"For a few years now ransomware has become a dominant concern for EU law enforcement. It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim's data,” said Wil van Gemert, Europol Deputy Director Operations.
“Initiatives like the No More Ransom project shows that linking expertise and joining forces is the way to go in the successful fight against cybercrime. We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware."
Ransomware has become a feared category of malware in part because it is a direct affront to the victim. Instead of malware stealing banking credentials as part of a plan to steal money from online accounts, victims are forced to either figure out how to decrypt files or pay up.
However, as Microsoft recently highlighted in an analysis of ransomware, the number of users who encounter ransomware remains relatively low compared to other malware. Windows users were, for example, 11 times more likely to encounter a trojan than ransomware in the first half 2015, according to Microsoft. Additionally, infection rates are far lower than encounter rates. Still, Microsoft is concerned by the emergence of ransomware service providers that allow less skilled criminals to participate in the crime, as well as ransomware merging with other malware in order to monetise networks of existing infected computers.