Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



No More Ransom Alliance Gains Momentum

In July 2016 the Dutch National Police, Europol, Kaspersky Lab and Intel Security launched the No More Ransom project and website. A primary purpose is to help victims of ransomware recover encrypted files without having to pay the criminals.

In July 2016 the Dutch National Police, Europol, Kaspersky Lab and Intel Security launched the No More Ransom project and website. A primary purpose is to help victims of ransomware recover encrypted files without having to pay the criminals.

In October, the alliance expanded with the addition of law enforcement agencies from 13 additional countries. At that time Europol told SecurityWeek that public and private interest in the project had been greater than anticipated, and expansion had subsequently been ascribed to two separate phases. This was Phase 1: LEAs. Phase 2, already in progress, would see the arrival of private industry.

Yesterday, in Phase 2, Europol announced further expansion with the inclusion of four new ‘Associated’ partners: Bitdefender, Check Point, Emsisoft and Trend Micro. Associated partners comprise those partners able to provide additional decryption keys or tools, sign a legal agreement and become fully involved with the project. These new partners have brought with them 32 additional decryption tools to bolster the previous 8 tools.

Organizations unable, for whatever reason, to sign a legal agreement but who still wish to support the project can do so as ‘Supporting’ partners. Yesterday, more than 20 new Supporting partners were also announced, including Anubis Networks, Cylance, ESET, G-Data, Heimdal Security, S21Sec, Smartfense and others. Law enforcement involvement also increased with Austrian, Croatian, Danish, Finnish, Maltese, Romanian, Singaporean and Slovenian police joining — making a total of 22 countries’ LEA involvement.

Ransomware has been the scourge of 2016. Victim losses to ransoms totaled $24 million in 2015. This year predictions put the total amount closer to $1 billion. This puts the 6000 people and $2 million saved so far by No More Ransom into perspective — which does not belittle the benefit to those 6000 people.

Recent surveys from both IBM X-Force and Sophos show that most end users and consumers still have little understanding of the threat. The IBM report noted, “The results show a lack of [consumer] awareness about ransomware, which may be resulting in little or no action taken to protect devices and data.” Furthermore, there seems little understanding of what to do if infected. “Friends and family members consistently rank among the top two go-to sources.”

These figures are corroborated by a separate survey, detailed in a blog post yesterday, by Sophos. “The survey confirmed,” it says, “that out of all the people who took part over half give IT advice to family and friends. Yet, 14% of these people admitted to feeling unsure about whether they had properly backed up the data on someone else’s computer or if they have the ability to recover that data if it was hacked, 18% didn’t know either way and 11% are not even sure that the computers they look after are protected from hackers and viruses.”

There can be little doubt that having a professional source to turn to will help consumers. It’s not so clear what benefit will accrue to enterprises. Enterprises already have professional IT expertise in-house; but are currently still forced to pay up. The IBM survey reports, “Almost one in two executives (46 percent) has some experience with ransomware attacks in the workplace, and 70 percent of that 46 percent have paid to get data back.”

Advertisement. Scroll to continue reading.

Nevertheless, the existence of the No More Ransom website is considered a valuable addition in the fight against extortion. “I think there’s something to be said for having collected decryptors from several sources in one place,” security researcher David Harley told SecurityWeek. “And, of course, it’s a good thing that 6,000 people who might otherwise not have found help were able to do so — and I welcome anything the site can do to lessen the impact of extortionists and cybercriminals.” 

But he added, “I suspect that individuals are benefiting more than organizations, since a company of any size is more likely to have access to other reliable sources of help and information. But I don’t know: that’s the sort of information that the site could usefully share,” he suggests.

Harley would also like to see an expansion of the data the site already provides. “It does seem to me that the addition of tools and information from sources lower down the partner hierarchy (or not represented there at all) could add greatly to its usefulness. I’d certainly like to see more comprehensive information made available or linked from there as well as decryptors. After all, there are a lot of cases that current decryption tools can’t fix.”

Unsurprisingly, Kaspersky Lab (one of the project’s original founders) has greater confidence. “Nearly a quarter of ransomware attacks affected businesses this year,” principal security researcher David Emm told SecurityWeek; “this included all sectors, including education, telecoms, entertainment and healthcare. So No More Ransom (which has so far helped 6,000 people to save around $2 million) is of help to businesses as well as consumers.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.