Ransomware resource claims to have prevented $900m in payments

27 Jul 2021

Image: © Yingyaipumi/Stock.adobe.com

In five years of operation, Europol’s No More Ransom portal has built up a repository of more than 100 ransomware decryption tools.

When No More Ransom first launched in 2016, the online portal offered four decryption tools for different types of ransomware.

Today, NoMoreRansom.org offers free downloads of 121 tools to decrypt 151 ransomware families. These tools have seen more than 6m downloads and Europol, one of the project’s founders, claims they have helped prevent more than $900m reaching cybercriminals.

No More Ransom is an initiative started by Europol, the Dutch police service, Intel Security and Kaspersky Lab. The public-private partnership now involves law enforcement agencies around the world, including An Garda Síochána, as well as a vast number of IT security companies.

Key partners such as Trend Micro, Avast, Cisco, ESET, F-Secure and Bleeping Computer have helped build up the site’s repository of decryption keys. Ransomware families such as Avaddon, Lorenz, Ziggy, Fonix, Crypt32, Darkside and many more are covered, and the site is updated regularly with new additions as they are discovered.

For users unsure of what ransomware they’re dealing with, a Crypto Sheriff will assist them. This tool reviews information from encrypted files and ransomware notes submitted by users, looking for a decryption match among the available tools. Users can also easily find where to report cybercrime for their jurisdiction.

Available in 37 languages, the site also offers visitors advice on how to protect against ransomware.

Europol warns that anyone, from individuals to companies of all sizes, could be targeted by a ransomware attack. It recommends that “the best way to stay healthy is to not get sick” and much of the site’s prevention advice hinges on personal responsibility. Individual users must beware of attachments in emails or website downloads, and always think before they click.

Ransomware is now one of the most common forms of cyberattack, and the cost of these attacks is leading to a surge in cyber insurance prices.

High-profile attacks recently alerted the world at large to an ongoing ransomware scourge. The Irish health service is still suffering the disruptive effects of a cyberattack in May this year. This was preceded by a cyberattack on a US gas pipeline and followed by a ransomware attack on the world’s largest meat producer.

In the wake of these attacks, the European Commission suggested a Joint Cyber Unit to unite member states in threat monitoring and detection, and US president Joe Biden proposed billions in funding for cybersecurity. In Ireland, a significant Government investment will see the country’s National Cyber Security Centre more than double its headcount in the next five years.

Key to preventing the spread of ransomware is ensuring that it doesn’t continue to present a profitable business model for cybercriminals.

Lindy Cameron, CEO of the UK’s National Cyber Security Centre, recently praised the decision by Ireland’s national health service not to pay the ransom demanded of it. “Cybercriminals are out to make money – the more times a method is successful, the more times it will be used,” she warned.

On its website, the UK centre provides a 10-step process and a regularly updated toolkit to tackle cyberattacks.

Elaine Burke is the editor of Silicon Republic

editorial@siliconrepublic.com