No More Ransom Adds Law Enforcement Partners From 13 Countries



Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through Intel Security, Kaspersky Labs, Dutch National Police, and Europol will be joined by members from Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland, and the United Kingdom.

Since its launch on July 25, 2016, No More Ransom has enabled ransomware victims to avoid paying an estimated US$1.48 million, or €1.35 million, in ransom payments to cybercriminals. The No More Ransom portal has received more than 24.5 million visitors since its launch, a consolidated average of 400,000 visitors per day.

No More Ransom addresses one of the fastest growing and most lucrative and efficient types of cybercrime. Whereas other types of cybercrime require cybercriminals to infect and infiltrate systems, exfiltrate data, and exploit and monetize that data, ransomware simply requires an infection cycle, followed by a payment process. There is no need to sell stolen data before banks and credit card companies can cancel stolen credit or debit numbers, or freeze logins to compromised accounts.

Because of this “ease of monetization” advantage, it should be no surprise that McAfee Labs has seen overall ransomware increase 128% over the past year. In the second quarter of 2016 alone, McAfee Labs detected 1.3 million new ransomware samples, the highest ever recorded since McAfee Labs began tracking this type of threat.

Furthermore, the ransomware threat has extended from individual users to systems belonging to businesses and life-saving organizations such as hospitals. Intel Security’s Advanced Threat Research team has identified numerous ransomware attack scenarios targeting Internet of Things devices such as home automation systems and routers and in-vehicle infotainment (IVI) systems within connected automobiles.

Home router infected with ransomware
Home router infected with ransomware.
Automobile IVI system infected with ransomware
Automobile IVI system infected with ransomware.

At present, five decryption tools are listed on the website. Since the launch of the portal in July, the WildfireDecryptor has been added and two decryption tools updated: RannohDecryptor (updated with a decryptor for the ransomware MarsJoke, aka Polyglot) and RakhniDecryptor (updated with Chimera). In order to broaden the audience and improve results even further, the portal is currently being adapted to support different language versions.

For more information on McAfee Labs’ analyses of various ransomware types and trends of ransomware evolution:


For more information on Intel Security’s participation in the No More Ransom project, please visit