Ransomware: 1.5 million people have got their files back without paying the gangs. Here's how

No More Ransom project now offers free tools for decrypting 165 families of ransomware as the fight against extortion groups continues.
Written by Danny Palmer, Senior Writer
Image: Getty

The battle against ransomware is challenging because not only are ransomware attacks extremely disruptive, but in many cases, victims opt to pay the ransom demand for a decryption key – fueling additional ransomware attacks because criminals know they can make easy money. 

However, one scheme continues to take the fight to ransomware gangs and has now helped over 1.5 million victims successfully decrypt their machines without giving into ransom demands, preventing an estimated $1.5 billion from ending up in the hands of cyber criminals. 

The figures come from Europol on the sixth anniversary of No More Ransom, the European Union law enforcement agency's anti-ransomware initiative.

SEE: Ransomware: Why it's still a big threat, and where the gangs are going next

First launched in 2016 by Europol, the Dutch National Police (Politie), and a handful of cybersecurity and IT companies with four decryption tools available, No More Ransom has now grown to offer 136 free decryption tools for 165 variants of ransomware, including GandCrab, REvil, Maze, and more. 

Over 188 partners from the private sector, the public sector, law enforcement, academia and others are now involved in the scheme, which continues to provide new decryption tools, with a portal available in 37 languages to help victims of ransomware attacks around the world. 

According to Europol, the scheme has helped over 1.5 million victims decrypt their devices without needing to pay a ransom for a decryption key. However, the agency is under no illusions that the battle is won, especially as ransomware not only continues to be a problem, but it also continues to become more dangerous and effective

"It's up to us as Europol and other law enforcement agencies to keep evolving ourselves as well, rethink our strategies beyond No More Ransom. The No More Ransom platform is in place and hopefully it will stay in place for a long time as an answer to many of those scams," said Marijn Schuurbiers, head of operations at Europol's European Cybercrime Centre (EC3). 

Law enforcement agencies are also looking at new ways to stop attacks: that includes disrupting infrastructure being used by cyber criminals. Europol has previously taken action against cyber crime in this way

SEE: Cloud computing security: Five things you are probably doing wrong

There are also actions which everyone can take to help avoid falling victim to ransomware. Europol recommends regularly backing up data on devices, so it can be recovered without paying a ransom, ensuring security software and operating systems are up to date with the latest security patches, and using multi-factor authentication to help prevent accounts being hacked and abused to help launch ransomware attacks. 

In the event of falling victim to a ransomware attack, Europol urges victims not to pay a ransom but to check the No More Ransom portal for help and report the incident to the police – because each report of a ransomware attack can help provide additional insights into how ransomware works.


Editorial standards