Ransomware gangs been prevented from making over a billion dollars following ransomware attacks by free decryption tools made available by the No More Ransom scheme.
The project, founded by Europol, the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky, and McAfee, launched five years ago and has grown to involve 170 partners across law enforcement, cybersecurity companies, academia, and others.
The No More Ransom portal now offers 121 free ransomware decryption tools which can decrypt 151 ransomware families. They've helped more than six million ransomware victims recover their encrypted files for free – all without the need to give into the demands of cyber extortionists.
Available in 37 languages, ransomware victims around the world have used the portal to help against ransomware attacks. The website's 'Crypto Sheriff' allows users to upload encrypted files to help identify which form of ransomware they've fallen victim to, then directs them to a free decryption tool if one is available.
So far, this has saved victims from paying just over €900 million – or just over a billion dollars – to cyber criminals, disrupting ransomware groups ability to profit from their campaigns.
"Together we will do everything in our power to disrupt criminals' money-making schemes and return files to their rightful owners, without the latter having to pay loads of money," says the mission statement on the No More Ransom website.
To mark the five-year anniversary of No More Ransom, the website has been updated to be more user friendly, with updated information on ransomware as well as advice on how to prevent a ransomware infection - for both regular and business users, because as Europol notes, "Anyone can be a target – individuals and companies of all sizes".
That advice includes regularly making backups of data, so that in case of a ransomware attack, the network can be restored in the least disruptive way possible with the most recent data available.
No More Ransom also suggests that software and operating systems are kept up to date with the latest security patches, to stop cyber criminals from exploiting known vulnerabilities to help carry out ransomware attacks.
It's also suggested that corporate networks and remote desktop protocol (RDP) services are secured with multi-factor authentication, to provide an extra barrier to help stop cyber criminals from being able to access the network in the first place.
No More Ransom also recommends that despite the disruption caused by ransomware attacks, victims shouldn't give in and pay. Not only because there's no reason to trust that criminals will provide a legitimate decryption key, but paying just shows that ransomware works, encouraging further attacks.
"If the ransom is paid, it proves to the cyber criminals that ransomware is effective. As a result, cyber criminals will continue their activity and look for new ways to exploit systems that result in more infections and more money on their accounts," says the No More Ransom advice.
MORE ON CYBERSECURITY
- This VPN service used by ransomware gangs was just taken down by police
- Ransomware is now a national security risk. This group thinks it knows how to defeat it
- With ransomware attacks on the rise, US launches new site to combat the threat
- Ransomware: This new free tool lets you test if your cybersecurity is strong enough to stop an attack
- Have we reached peak ransomware? How the internet's biggest security problem has grown and what happens next