Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

NoMoreRansom Expands with New Decryptors, Partners

NoMoreRansom, a project launched in 2016 by Europol, the Dutch National Police, Kaspersky Lab and Intel Security (now once again McAfee) has published its latest progress report.

NoMoreRansom, a project launched in 2016 by Europol, the Dutch National Police, Kaspersky Lab and Intel Security (now once again McAfee) has published its latest progress report. NoMoreRansom collects the available ransomware decryption tools into a single portal that victims can use to recover encrypted files without having to pay the criminals.

Since the last Europol update in December 2016, the project’s decryption library has been supplemented by the addition of 15 new decryption tools. The catalogue of project partners has expanded by 30 to 76 public and private members, including the law enforcement agencies of Australia, Belgium, Israel, South Korea, Russia and Ukraine; and Interpol. SentinelOne and Verizon Enterprise Solutions are among the new private members.

The full list of available decryption tools can be found here, while the project members can be found here.

According to Europol, 10,000 ransomware victims from all over the world have regained their files through NoMoreRansom since the last December update. Statistics show that most visitors to the platform come from Russia, the Netherlands, the United States, Italy and Germany.

One of the new decryptors, provided by Bitdefender, rescues files from the Bart family of ransomware. “The tool,” says Bitdefender, “is a direct result of successful collaboration between Bitdefender, Europol and Romanian police, supporting the ‘No More Ransom’ initiative kick started by Europol’s European Cybercrime Centre.”

Unlike other ransomware families, Bart does not require an internet connection to encrypt the victim’s files, although one is required to receive the decryption key from the attacker’s C&C server. The malware doesn’t function if the computer’s language is detected as Russian, Belorussian, or Ukrainian — “most probably,” suggests Bitdefender, “because it was written by a Russian speaking hacker.”

The developers of Bart are the same criminal gang as those behind the Dridex and Locky ransomware strains. 

Losses to ransomware continue to increase, rising by 300% from 2015 to 2016 to an estimated total of $1 billion. Estimates for 2017 indicate that the threat is still growing.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...