No More Ransom Saves Victims

Uploaded on 2021-08-03 in INTELLIGENCE--Europe, GOVERNMENT-Law Enforcement, FREE TO VIEW

According to a recent Europol statement, a service called No More Ransom has assisted in the recovery of valuable information stolen by hackersThis has helped more than 6 million victims and has saved approximately €1B from cyber criminal hands. No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich. 

Ransomware victims are encouraged to reject the demand for payment. Moreover, the project members explain that by paying ransom to cyber criminals, you are only confirming that the ransomware is working, and there is no guarantee that you will receive the required decryption key in return.

To date, the No More Ransom repository of ransomware decryptors has helped more than 6 million victims recover their files, keeping nearly a billion euros out of the hands of cyber criminals says Europol recently.

No More Ransom is maintained via cooperation between the European Cybercrime Centre and several cybersecurity and other types of companies, including Kaspersky, McAfee, Barracuda and AWS. Its purpose is to keep victims from handing over the cash that helps fuel more ransomware attacks, according to Europol.

“The general advice is not to pay the ransom,” No More Ransom advises. “By sending your money to cyber criminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.”

Instead, the group directs victims to their Crypto Sheriff tool. There, victims can enter either the URL, onion or Bitcoin address given by the attacker to pay the ransom.

The tool searches the No More Ransom database, where the offerings have grown from an initial four decryptors back in 2016 to the current roster of 121 tools to decrypt 152 ransomware families. It’s also free and available in 37 languages, according to the group. If no decryptor is available for a given ransomware infection, keep checking back: No More Ransom regularly adds new unlock tools.

Don’t Pay the Ransom

Victims who are quick to pay identify themselves as easy prey. Cybereason reported that 80 percent of organisations that paid a ransom were then hit by a follow-up attack.  Half of those were attacked a second time by the same group, but a full third attracted additional threat actors smelling an easy payday.

Regular backups remain the best way to protect data from a ransomware attack, the Europol said. They further recommend users be mindful of the links they click on and update their security software. But most importantly, the cyber crime cops appeal to organisations to avoid handing over their money.

“If you become a victim, do not pay!” the Eurpol said. “Report the crime and check No More Ransom for decryption tools.”

Europol say that frequent backups are still the most effective method of preventing a ransomware infection. The agency advised users to pay close attention to the links they click and to keep their software up to date on a regular basis. Europol also strongly advises ransomware victims not to pay the ransom. The first step to take in this situation is to report the crime and then search for decryption tools in the No More Ransom repository.

The decryptors available in the No More Ransom repository have helped more than six million people to recover their files for free. This prevented criminals from earning almost a billion euros through ransomware attacks. Currently offering 121 free tools able to decrypt 151 ransomware families, it unites 170 partners from the public and private sector. The portal is available in 37 languages.

Despite controversy over whether businesses and organisations who fall victim to ransomware should meet criminals’ demands, the US government is unlikely to make it illegal for victims of ransomware attacks to pay the ransom.

According to the US Department of Justice, banning this act will only wreak further havoc. Bryan Vorndran, assistant director of the FBI's cyber division, told lawmakers on the US Senate Committee on the Judiciary that the agency does not recommend companies pay ransoms because it doesn't guarantee the business will regain access to their data or prevent data from ultimately being leaked.

Europol:        Threatpost:      Softpedia:      Dark Reading:      Oodaloop:     UrgentComm:

You Might Also Read:

Negotiating Ransom: To Pay Or Not?:

 

« Cyber Attacks May Lead To A “shooting war”
Learn how to detect and respond to insider threats »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

CyCognito

CyCognito

CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn't even know existed.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

DerSecur

DerSecur

DerSecur has been engaged in advanced technology activities in the field of Application Security since 2011. We offer R&D technology solutions in the field of SAST, DAST and SCA analysis.

CyberMindr

CyberMindr

CyberMindr is a SaaS platform for Automated & Continuous Attack Path and Threat Exposure Discovery helps you to proactively identify & assess your attack surface to mitigate associated threats.

NSI Global

NSI Global

NSI Global is a specialist Global Risk and Intelligence Advisory Firm. We specialise in Risk Consulting, Security Intelligence, Geopolitical Intelligence, Cyber Security, Digital Forensics, and TSCM.

EU CyberNet

EU CyberNet

EU CyberNet – the bridge to cybersecurity expertise in the European Union. We establish a network and a practical learning platform with the goal to strengthen cybersecurity globally.