No More Ransom’ is collecting decryptors so ransomware victims don’t have to pay to get their data back & attackers don’t get their ransom.
So far, the No More Ransom repository of ransomware decryptors has helped more than 6m victims recover their files, keeping nearly a billion euros out of the hands of cyber-criminals, according to a Mon. release.
European Cybercrime Centre
Launched 5 years ago, ‘No More Ransom’ is maintained via co-operation between the European Cybercrime Centre & several cyber-security & other types of companies, including Kaspersky, McAfee, Barracuda & AWS. Its purpose is to keep victims from handing over the cash that helps fuel more ransomware attacks, according to Europol.
“The general advice is not to pay the ransom,” No More Ransom advises. “By sending your money to cyber-criminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.”
Instead, the group directs victims to their Crypto Sheriff tool. There, victims can enter either the URL, onion or Bitcoin address given by the attacker to pay the ransom. The tool searches the ‘No More Ransom’ database, where the offerings have grown from an initial 4 decryptors back in 2016 to the current number of 121 tools to decrypt 152 ransomware families. It’s also free & available in 37 languages, according to the group.
If no decryptor is available for a given ransomware infection, keep checking back: ‘No More Ransom’ regularly adds new unlock tools.
Don’t Pay the Ransom
Ransomware victims are increasingly reluctant to pay ransom demands. A poll from June found 80% of respondents who were hit by a ransomware attack refused to pay for a decryptor that may, or might not, show up.
Worse, a June report from Cybereason indicates victims who are quick to pay identify themselves as easy prey. Cybereason reported that 80% of organisations that paid a ransom were hit with a follow-up attack. Half of those were attacked a 2nd time by the same group, but a full 3rd attracted additional threat players sensing an easy pay-out.
‘No More Ransom’ is an answer to the rise of cyber insurance companies, which seem to be injecting massive amounts of cash into the ransomware ecosystem. During the 1st half of 2020, ransomware attacks made up 41% of the total cyber insurance claims, according to a June Cyber Claims Insurance report from Coalition.
Besides funding a criminal enterprise, payment of ransomware to sanctioned nation-state actors could put an organisation in breach of the US Department of Treasury, which added several ransomware groups to its sanctions list in Oct. 2020.
Regular backups remain the best way to protect data from a ransomware attack, the Europol stated. They further recommend users be mindful of the links they click on and update their security software. But most importantly, the cyber-crime cops appeal to organisations to avoid handing over their money.
“If you become a victim, do not pay!” Eurpol concluded. “Report the crime & check No More Ransom for decryption tools.”