If you have been following our blog and social media activity during 2020, you will likely be aware that we have unfortunately had to focus more than usual on our own urgent financial needs recently. However, we have continued to highlight our ever-expanding range of public benefit services and our ongoing cyber security research – work done both internally and with CSIRT organizations and private industry partners. Today we’d like to take a moment to talk about the great work that is being done in the community (and that Shadowserver is now officially supporting), in the form of the fantastic NoMoreRansom initiative.
The Shadowserver Foundation has had a long and fruitful relationship with Europol and the Dutch National Police (two of the founders of the NoMoreRansom project) over the years. We formalized our official partnership with the European Cybercrime Centre (EC3) at Europol on April 10th 2015 and we have enjoyed collaborating with them on many successful cybercrime disruption efforts (including operations such as AAEH/Beebone with EC3 and McAfee, Avalanche and Andromeda, Goznym and others).
Over the past few years, the use of ransomware has exploded, becoming an increasing threat to many individuals and businesses. Although a relatively simple concept (infect a victim’s computers with malware, encrypt their files and then attempt to extort money for receiving the decryption keys necessary to recover their often vital data, usually using cryptocurrency), the impact and damage to the victims can often be huge. Ransomware first hit the world’s headlines via malware families such as Cryptolocker, Cryptowall, Locky, Wannacry and Teslacrypt, then developed through ransomware-as-a-service schemes such as Petya, NotPetya, Cerber and more recently Gandcrab. More recent ransomware families such as Gandcrab descendant REvil/Sodinokibi, Ryuk (often delivered by Trickbot/Emotet) and Maze have continued to plague victims, adding more targeted capabilities as well as sometimes publishing confidential data and selling information to the highest bidder. Attackers are still continuing to rapidly evolve a highly effective and lucrative business model.
On July 26th 2016, EC3 and the Dutch National Police partnered with the private sector infosec companies McAfee and Kaspersky to launch NoMoreRansom.org. The public benefit website was designed to draw together the best resources from Law Enforcement and private industry to tackle the scourge of ransomware – providing sound advice, links to reporting agencies (to encourage the public to report ransomware crimes), and best of all, free decryption tools. These tools are developed and provided to the public at no cost by a team of public spirited companies who want to help victims recover their data, without having to pay ransoms, thereby hopefully spoiling the criminals’ intentions. NoMoreRansom showcases the value of public-private cooperation in disrupting criminal businesses with ransomware connections. You can read more on the behind the scenes story about how NoMoreRansom came to be founded here.
In the almost four years since NoMoreRansom was founded, the website has become the go-to resource on the Internet to learn more about ransomware and the first point of call for the many people unfortunately needing to decrypt their suddenly encrypted files. NoMoreRansom now supports decryption for over 120 different ransomware variants, with support for new variants being added by partners all the time. Available in 36 languages, covering much of the world’s online population, the site includes a “Crypto Sheriff” tool to help victims detect which variant of ransomware they are infected with, and whether a known decryption solution exists. These capabilities have helped prevent hundreds of millions of Euros of attempted ransoms from being paid by victims to the criminals targeting them. NoMoreRansom has had a major positive global impact in the fight against cybercrime, which everyone involved can be very proud about.
The extensive online documentation, regularly enhanced free decryption tools and public benefit services are generously supported by 43 Law Enforcement agencies, 5 EU agencies and over 100 public and private entity partners. We at The Shadowserver Foundation are very happy to put on record our support for this excellent public benefit initiative. We provide NoMoreRansom with malware samples through our malware sample exchange program and through continued support for ongoing LE operations against these damaging, high impact online threats. We encourage other like-minded organizations to support NoMoreRansom and consider joining as partners too.
If you ever have the misfortune of finding your personal or work computer systems infected with ransomware, we highly encourage you to make NoMoreRansom the first place you look for assistance before you consider paying the ransom. But better still – don’t wait to be a victim, visit the NoMoreRansom site now, read the clear advice and share the link with friends, family and colleagues today, to help protect all Internet users from the threat of ransomware.