Ransomware: These free decryption tools have now saved victims over $600m

Four years on from launch, the No More Ransom initiative has helped over four million victims of ransomware attacks retrieve their files for free.
Written by Danny Palmer, Senior Writer

Over four million victims of ransomware attacks have now avoided paying over £600 million in extortion demands to cyber criminals in the first four years of Europol's No More Ransom initiative.

First launched in 2016 with four founding members, No More Ransom provides free decryption tools for ransomware and has been growing ever since, now consisting of 163 partners across cybersecurity, law enforcement bodies, financial services and more.

Together, they've released free decryption tools for over 140 families of ransomware that have been downloaded a combined total of over 4.2 million times – something that Europol estimates has prevented $632 million from being paid out to cyber criminals.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

Among the top contributors to the project are Emsisoft, which has provided 54 decryption tools for 45 ransomware families, founding member Kaspersky, which has provided five tools for 32 ransomware families and Trend Micro, which has provided two decryption tools for 27 ransomware families.

Other cybersecurity firms that have provided multiple tools to No More Ransom include Avast, Bitdefender, Check Point, ESET and founding member McAfee.

No More Ransom is now available in 36 languages and has received visitors from 188 countries around the world. The largest number of visitors come from South Korea, the US, Brazil, Russia and India.

"No More Ransom is everything coming together – key partners and law enforcement agencies from across the world – and everyone is going in the same direction. As everyone contributes what they have in relation to this threat, we are seeing concrete steps to counter ransomware on a preventative level." Edvardas Šileris, head of Europol's European Cybercrime Centre (EC3), told ZDNet.

"Ultimately, it doesn't matter how much money is saved, but rather how many people get their files back for free. It is just as important for a parent to recover the pictures of their loved ones as it is to recover a corporate network," he added.

While No More Ransom has proved useful to victims of ransomware, Europol itself still recommends that prevention is the best means of staying safe from attacks – especially as the ever-evolving nature of ransomware means there are many forms of the malware out there that don't have free decryption tools and maybe never will.

Preventative steps recommended by Europol include backing up important files offline, so that in the event of an attack, files can be immediately retrieved, no matter if a decryption tool is available or not. Europol also recommends that users don't download programs from suspicious sources or open attachments from unknown senders, so as to avoid falling victim to email-based attack.

SEE: Garmin's outage, ransomware attack response lacking as earnings loom

Despite the best efforts of No More Ransom and other cybersecurity initiatives, ransomware remains a highly effective money-making tool for cyber criminals, who in many cases can make hundreds of thousands or even millions of pounds from a single attack. However, applying security updates and patches to PCs and networks can go a long way to stopping attacks in the first place.

"No More Ransom is like a car seatbelt: it's a critical safety net, but it's best to abide by the rules of the road to lessen the chance of needing to use it. Or, to be put it another way, ransomware is definitely a case in which prevention is better than cure," says Brett Callow, threat analyst at Emsisoft.

"Ransomware attacks are becoming ever more sophisticated and the big game hunters are successfully hunting ever bigger game. Consequently, companies of all sizes need to ensure their security is up to snuff".


Editorial standards