Security Experts:

NoMoreRansom Expands with New Decryptors, Partners

NoMoreRansom, a project launched in 2016 by Europol, the Dutch National Police, Kaspersky Lab and Intel Security (now once again McAfee) has published its latest progress report. NoMoreRansom collects the available ransomware decryption tools into a single portal that victims can use to recover encrypted files without having to pay the criminals.

Since the last Europol update in December 2016, the project's decryption library has been supplemented by the addition of 15 new decryption tools. The catalogue of project partners has expanded by 30 to 76 public and private members, including the law enforcement agencies of Australia, Belgium, Israel, South Korea, Russia and Ukraine; and Interpol. SentinelOne and Verizon Enterprise Solutions are among the new private members.

The full list of available decryption tools can be found here, while the project members can be found here.

According to Europol, 10,000 ransomware victims from all over the world have regained their files through NoMoreRansom since the last December update. Statistics show that most visitors to the platform come from Russia, the Netherlands, the United States, Italy and Germany.

One of the new decryptors, provided by Bitdefender, rescues files from the Bart family of ransomware. "The tool," says Bitdefender, "is a direct result of successful collaboration between Bitdefender, Europol and Romanian police, supporting the 'No More Ransom' initiative kick started by Europol's European Cybercrime Centre."

Unlike other ransomware families, Bart does not require an internet connection to encrypt the victim's files, although one is required to receive the decryption key from the attacker's C&C server. The malware doesn't function if the computer's language is detected as Russian, Belorussian, or Ukrainian -- "most probably," suggests Bitdefender, "because it was written by a Russian speaking hacker."

The developers of Bart are the same criminal gang as those behind the Dridex and Locky ransomware strains. 

Losses to ransomware continue to increase, rising by 300% from 2015 to 2016 to an estimated total of $1 billion. Estimates for 2017 indicate that the threat is still growing.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.