Security

No More Ransom takes a bite out of ransomware

No More Ransom is a project with Kaspersky Lab, Intel Security, and two law enforcement agencies to help victims of ransomware understand their options when facing a digital extortion attempt.

ransomwareistock45867650nevarpp.jpg
Image: iStock/nevarpp

Ransomware got its start in the late 1980s with a piece of malware called PC Cyborg. The idea behind PC Cyborg was to extort money from hapless victims who had accidentally downloaded the trojan onto their computers. PC Cyborg's author programmed it to hide all folders and encrypt file names on the C: drive. PC Cyborg was not that successful, but the criminal element saw great promise and before long became very adept at deploying ransomware and extorting money from victims. Case in point, ZDNet writer Danny Palmer reports that, "The total cost of damages related to attacks using cryptographic file-locking software could reach $1 billion this year (2016)."

For those fortunate to be unfamiliar with ransomware, the FBI offers one of the better definitions:

"Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted."

SEE: Ransomware: The smart person's guide

Why is ransomware so successful?

Ransomware is successful simply because the first indication that something is wrong occurs when a computer's systems and/or data are already compromised. Meaning, unless the user is experienced in ransomware remediation, the victim has two choices: meet the extortionist's demands or rebuild the computer. Neither of which are great options.

However, there is hope. Kaspersky Lab, Intel Security, the National High Tech Crime Unit of the Netherlands' police, and Europol's European Cybercrime Centre have come together to help victims try and recover data being held hostage without paying ransom demands. The result of their collaboration is the No More Ransom website. As to the intentions of the people involved with No More Ransom, this is from the website:

"The police cannot fight cybercrime, and ransomware in particular, on its own. And security researchers cannot do it without support from law enforcement agencies.... Together we will do everything in our power to disrupt criminals' money-making schemes and return files to their rightful owners, without the latter having to pay loads of money."

SEE: Cybersecurity ebook: The ransomware battle (Tech Pro Research)

How No More Ransom works

The website is divided into the following sections.

Crypto Sheriff: There are several kinds of ransomware, with more being devised all the time. In order to apply the correct solution, the type of ransomware needs to be determined by uploading a single encrypted file to the Crypto Sheriff section of the website (Figure A). This link is to a YouTube video describing the process.

Figure A

nomoreransom-1.jpg
Image: No More Ransom

Decryption Tools: Once the type of ransomware is determined, hopefully, the webpage (Figure B) will have a tool that can decrypt the files being held hostage by the malware. If you have been infected with one of these types of ransomware, click the link, and it will lead you to a decryption tool. Please note the following message before applying the decryption tool:

"Before downloading and starting the solution, read the how-to guide. Make sure you remove the malware from your system first. Otherwise, it will repeatedly lock your system or encrypt files. Any reliable antivirus solution can do this for you."

Figure B

nomoreransomdecryptiontools.jpg
Image: No More Ransom


Report a Crime: The law enforcement agencies involved with No More Ransom and the FBI consider extortion via ransomware a crime. In fact, clicking on the Report USA button (Figure C) brings you directly to the FBI Internet Crime Complaint Center where a complaint can be filed.

Figure C

nomoreransomreportacrime.jpg
Image: No More Ransom


Prevention Advice: The website authors are very candid about prevention and education, saying, "Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to prevent infection."

SEE: How to avoid ransomware attacks: 10 tips

Besides the generic advice (Figure D), both Kaspersky Lab and Intel Security offer their anti-ransomware solutions.

Figure D

nomoreransom-5.jpg
Image: No More Ransom

Ransomware: Q & A: Using the question and answer section (Figure E) should be self-explanatory. One of the more helpful responses answers the question: "Why is it so hard to find a single solution against ransomware?"

Figure E

nomoreransomqa.jpg
Image: No More Ransom


And, one final piece of advice from the people at No More Ransom:

"The general advice is not to pay the ransom. By sending your money to cybercriminals you'll only confirm that ransomware works, and there's no guarantee you'll get the decryption key you need in return."

Also see

About

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox