The No More Ransom initiative, a joint project between Europol, the Dutch police’s national cyber crime unit, and cyber security suppliers Kaspersky and McAfee, claims to have saved end-users as much as £855m, or €1bn, in the five years since it was launched.
The free-to-user service now provides 121 decryption tools for 151 different ransomwares and is thought to have helped six million people since it began.
Besides its four founding partners, it has expanded since 2016 to include almost 170 other organisations from law enforcement and the private sector, with decryption tools supplied by the likes of Emsisoft, Trend Micro, Bitdefender, Avast, Cisco and Check Point, among many others.
“I’m extremely happy that since the start of the project, we have been able to help so many people get their files back without paying,” said Jornt van der Weil, security researcher at Kaspersky’s Global Research and Analysis Team (GReAT). “We keep on fighting ransomware with our industry partners and law enforcement agencies from all over the world to help even more users and prevent further damage.”
To mark its fifth anniversary, No More Ransom has today relaunched its website, alongside an updated version of its Crypto Sheriff tool, which enables both individuals and organisations that have been infected by ransomware to upload encrypted files and ransom notes – specifically information such as email addresses, website URLs, or Onion or bitcoin addresses – in order to establish what has happened and whether or not the service’s database contains a useful decryption key.
Since the service was established in 2016, the incidence of ransomware attacks has increased to pandemic proportions – around 718,000 users were hit by ransomware between April 2015 and April 2016, while recent statistics garnered by SonicWall found more than 200 million attempted attacks between January and May 2021 alone.
The past five years have also seen the emergence of new techniques used by ransomware gangs, including the now widespread – if not universal – double extortion attack in which files are not only encrypted but stolen and leaked to embarrass the victim into paying, as well as large-scale ransomware attacks that cause disruption not just for the victim but beyond, for example the recent attacks on Colonial Pipeline and JBS.
In spite of this, the basic guidance on how to avoid falling victim to a ransomware attack remains, by and large, unchanged. For organisations, best practice includes keeping pace with patches and critical software updates, to maintain online and offline system backups, ideally offsite, and to keep up to date with end-user training, as many ransomware attacks will begin via convincing-looking phishing emails.
The No More Ransom initiative maintains detailed guidance online, while similar resources are available from the likes of the National Cyber Security Centre in the UK and the Cybersecurity and Infrastructure Security Agency in the US.
