Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel Security, Kaspersky Labs, Dutch National Police, and Europol will be joined by members from Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland, and the United Kingdom.
Since its launch on July 25, 2016, No More Ransom has enabled ransomware victims to avoid paying an estimated US$1.48 million, or €1.35 million, in ransom payments to cybercriminals. The No More Ransom portal has received more than 24.5 million visitors since its launch, a consolidated average of 400,000 visitors per day.
No More Ransom addresses one of the fastest growing and most lucrative and efficient types of cybercrime. Whereas other types of cybercrime require cybercriminals to infect and infiltrate systems, exfiltrate data, and exploit and monetize that data, ransomware simply requires an infection cycle, followed by a payment process. There is no need to sell stolen data before banks and credit card companies can cancel stolen credit or debit numbers, or freeze logins to compromised accounts.
Because of this “ease of monetization” advantage, it should be no surprise that McAfee Labs has seen overall ransomware increase 128% over the past year. In the second quarter of 2016 alone, McAfee Labs detected 1.3 million new ransomware samples, the highest ever recorded since McAfee Labs began tracking this type of threat.
Furthermore, the ransomware threat has extended from individual users to systems belonging to businesses and life-saving organizations such as hospitals. Intel Security’s Advanced Threat Research team has identified numerous ransomware attack scenarios targeting Internet of Things devices such as home automation systems and routers and in-vehicle infotainment (IVI) systems within connected automobiles.
At present, five decryption tools are listed on the www.nomoreransom.org website. Since the launch of the portal in July, the WildfireDecryptor has been added and two decryption tools updated: RannohDecryptor (updated with a decryptor for the ransomware MarsJoke, aka Polyglot) and RakhniDecryptor (updated with Chimera). In order to broaden the audience and improve results even further, the portal is currently being adapted to support different language versions.
For more information on McAfee Labs’ analyses of various ransomware types and trends of ransomware evolution:
- Locky Ransomware Hides Inside Packed .DLL
- Cerber Ransomware Updates Configuration File
- ‘Cat-Loving’ Mobile Ransomware Operates With Control Panel
- ‘Thrones’ Jon Snow Appears to Employ Neutrino Exploit Kit
- Zcrypt Expands Reach as ‘Virus Ransomware’
- TorrentLocker Campaign Exploits Spanish Utility Brand
- Current Campaign Delivers Hundreds of Thousands of Polymorphic Ransomware
- McAfee Labs Unlocks LeChiffre Ransomware
- TeslaCrypt Ransomware Arrives via Neutrino Exploit Kit
- Locky Ransomware Arrives via Email Attachment
- Targeted Ransomware No Longer a Future Threat
- HydraCrypt Variant of Ransomware Distributed by Angler Exploit Kit
- New TeslaCrypt Ransomware Arrives via Spam
- Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat
For more information on Intel Security’s participation in the No More Ransom project, please visit www.nomoreransom.org.