13 countries join global fight against ransomware: Europol
17 October 2016
More than 2 500 victims were able to decrypt their devices thanks to No More Ransom
Just three months after the successful launch of the No More Ransom project, law enforcement agencies from a further 13 countries have signed up to fight ransomware together with the private sector.
The new members are: Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland and the United Kingdom. More law enforcement agencies and private sector organisations are expected to join the programme in the coming months. Their collaboration will result in more free decryption tools becoming available, helping even more victims to decrypt their devices and unlock their information, and damaging the cybercriminals where it hurts the most: their wallets.
The project’s objectives are supported by Eurojust and the European Commission, demonstrating the EU’s concern about the growing threat of ransomware.
No More Ransom was launched on 25 July 2016, by the Dutch National Police, Europol, Intel Security and Kaspersky Lab, introducing a new level of cooperation between law enforcement and the private sector to fight ransomware1 together. The aim of the online portal www.nomoreransom.org is to provide a helpful resource for victims of ransomware. Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves.
During the first two months, more than 2 500 people have successfully managed to decrypt their devices without having to pay the criminals, using the main decryption tools on the platform (CoinVault, WildFire and Shade). This has deprived cybercriminals of an estimated EUR 1.35 million in ransoms.
The more law enforcement agencies and private sector partners work together, the more decryption tools can be created and made available. Currently, five decryption tools are listed on the website.
Since the launch of the portal in July, the WildfireDecryptor has been added and two decryption tools updated: RannohDecryptor (updated with a decryptor for the ransomware MarsJoke aka Polyglot) and RakhniDecryptor (updated with Chimera).
“Europol is fully committed to supporting the enlargement of the No More Ransom project within the EU and internationally to respond to ransomware in an effective and concerted manner,” says Steven Wilson, head of the European Cybercrime Centre. “Despite the increasing challenges, the initiative has demonstrated that a coordinated approach by EU law enforcement that includes all relevant partners can result in significant successes in fighting this type of crime, focusing on the important areas of prevention and awareness. I am confident that the online portal will continue to improve in the months to come. All police forces are warmly encouraged to join the fight.”
In order to broaden the audience and improve results even further, the portal is currently being adapted to support different language versions.
As a second step, the project will welcome new companies from the private sector as well, after a very high level of interest and countless requests received.
Ransomware as a key threat
Ransomware continues to be the dominant concern for EU law enforcement. According to Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2016, the number of cryptoware variants has multiplied in the last year. There are many targets for ransomware, from individual users’ devices, to networks within industry, healthcare or even governments. This broad range of victims is reflected in the activity on the No More Ransom portal: more than 24.5 million page views since its launch, with a consolidated average of 0.4 million per day.
Cryptoware (encrypting ransomware) has become the most prominent malware threat for citizens and enterprises alike. Law enforcement and the internet security industry have responded rapidly and in concert, with prevention and awareness campaigns and technical support, and operations targeting the criminal groups and infrastructure involved.
1 Ransomware is a type of malware that locks the victims’ computer or encrypts their data, demanding them to pay a ransom in order to regain control over the affected device or files. Ransomware is a top threat for EU law enforcement: almost two-thirds of EU Member States are conducting investigations into this form of malware attack. While the target is often individual users’ devices, corporate and even government networks are affected as well.