FacebookTwitterLinkedIn

Onwards and Upwards for No More Ransom

Good news when it comes to matters concerning cybersecurity is in the vast minority when compared to data breaches, ransomware infections, state-sponsored attacks, and the like. Often vast amounts of money are stolen, defrauded, and extorted from victims and with such a torrent of threats and information about new threats individuals can often be left feeling helpless. The reality is there exist partnerships that spread across the globe that do their utmost to combat the scourge of cybercrime. One of those partnerships is No More Ransom, a partnership between law enforcement and private institutions to combat and disrupt ransomware operations.

The partnership was initially created by three founding partners in July 2016, those organizations being Europol, Politie, and McAfee. The partnership has since grown to include more than 150 partners. Today (link to press release when officially released), July 26, 2019, marks the partnerships third anniversary. Over those three years, No More Ransom has racked up some significant milestones along the way. The industry often measures the success of a particular ransomware strain by the amount of money it has made. No More Ransom can be seen as the complete opposite. At the time of writing the partnership had helped more than 200,000 victims successfully recover encrypted files. The site has been visited over 3 million times with visitors from 188 countries. Perhaps most significantly the partnership has prevented an estimated 108 million USD in profit from reaching the pockets of cybercriminals. No More Ransom has come to be an important resource in the fight against ransomware for individuals and organisations.

As well as been the first partnership between law enforcement that provides victims with a viable solution rather than paying cybercriminals the ransom demanded to decrypt precious files, one of the achievements of the partnership to date was the assisting in combating GandCrab. The assistance provided resulted in the releasing of decryption tools that victims could use to decrypt their files. It is safe to assume that the development of these tools and releasing them to the public at no cost helped lead to the operators of GandCrab closing down operations and allegedly retiring. No More Ransom estimates that since the first tool was released in February 2018, almost 40 000 people have successfully decrypted their files, saving roughly 50 million USD in ransom payments. It is not only versions of GandCrab that can be decrypted, to date victims can decrypt files encrypted by 109 different types of ransomware variants, with 19 being added in 2019 so far.

onwards and upwards of no more ransom project

The site was initially available only in English but since then now includes functionality for 35 different languages. With English, Korean, Dutch, Russian and Portuguese feature as the top five languages used on the site, followed by French, Chinese, German, Spanish and Italian the problem is truly a global one which required a global partnership to assist in combatting ransomware infections. Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3) summarised the partnerships main role as,

“When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds. A wrong click and databases, pictures and a life of memories can disappear forever. No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice.”

Prevention Better Than Cure

While developing tools for the decryption of illegally encrypted files form an important part of the work done by No More Ransom another part is the education provided by the site. Educational material is often provided by the site and its partners so to help inform users about how infections occur and how law enforcement agencies and No More Ransom work together in helping prevent further infections. Believing that prevention is better than cure, No More Ransom provides advice as to the prevention of infections. Advice ranges from ensuring backups are made at regular intervals to keeping software up to date. In the latest press release issued by No More Ransom this policy of prevention was further highlighted, stating,

“Prevention remains as the most effective shield of protection. Citizens and business are remained to follow a number of simple steps to avoid ransomware from getting into their electronic devices in the first place: keep offline backups, ensure the software are up to date, use a robust antivirus and apply caution when clicking on attachments and visiting unknown websites.”

That being said, sometimes despite developing good online habitats infections can still happen. Having a global partnership dedicated to helping victims recover files will certainly help potential targets rest easier. For those victims who have had important memories associated with photos encrypted, No More Ransom can be a godsend.  It is hoped that the partnership of  42 law enforcement agencies, 5 EU Agencies, and 101 public and private entities continues growing from strength to strength and far more anniversaries can be celebrated and many more millions of dollars are prevented from reaching criminal’s back pockets. If you have been a victim of ransomware it is advised that you visit No More Ransom to gather more information and hopefully decrypt files without paying a ransom. Further, the website provides links to various law enforcement agencies for the reporting of the crime.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal